Computer freezes when logging in to Windows/the internet: HJT, ComboFix and eScan log

Thread in the Viruses and malware - HijackThis logs section. Started by Nispri on 17.11.2006.

Thread status:
The thread is closed.
  1. Nispri

    Nispri Member

    Joined:
    09.08.2005
    Posts:
    6
    Thanks:
    0
    Points:
    11
    So, the computer freezes for about 3-5 minutes when I log in to Windows, and after that it starts working normally.
    Logfile of HijackThis v1.99.1
    Scan saved at 12:04:50, on 17.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
    C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Atheros\ACU.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\NewSoft\Presto! PVR\URemote.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\DOCUME~1\MIIKAM~1\LOCALS~1\Temp\RtkBtMnt.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Miika Merijärvi\Työpöytä\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [URemote] C:\Program Files\NewSoft\Presto! PVR\URemote.exe
    O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
    O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{77479679-75A8-494D-BDE0-6A08474F4B14}: NameServer = 192.168.1.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
    O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
     
  3. Nispri

    Nispri Member

    Wouldn't anyone bother to check that log??
     
  4. Hujo

    Hujo Guest

    Nothing catches my eye at a quick glance.

    1. Download the combofix.exe file http://download.bleepingcomputer.com/sUBs/combofix.exe
    to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.


    Something can always turn up
     
  5. Nispri

    Nispri Member

    So, here is that log:

    Miika Merijärvi - 06-11-21 19:35:53,40 Service Pack 2
    ComboFix 06.11.19 - Running from: "C:\Documents and Settings\Miika Merijärvi\Työpöytä"

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-21 to 2006-11-21 ))))))))))))))))))))))))))))))))))


    2006-11-19 19:32 <KANSIO> d-------- C:\Program Files\SimpleCenter
    2006-11-19 19:32 <KANSIO> d-------- C:\Program Files\Common Files\i4j_jres
    2006-11-18 20:37 571,696 --a------ C:\WINDOWS\LegitCheckControl.dll
    2006-11-18 20:37 3,584 --a------ C:\WINDOWS\WgaLogon.dll
    2006-11-17 18:58 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2006-11-17 18:57 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2006-11-17 18:56 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
    2006-11-17 18:56 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
    2006-11-17 18:56 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2006-11-17 18:56 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
    2006-11-17 18:56 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2006-11-17 18:56 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2006-11-17 11:29 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2006-11-17 11:27 <KANSIO> d-------- C:\Program Files\MessengerPlus! 3
    2006-11-17 11:18 <KANSIO> d-------- C:\Program Files\MSN Messenger
    2006-11-16 15:26 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2006-11-16 15:26 <KANSIO> d-------- C:\11c5c9a3c86406a62d84
    2006-11-11 22:01 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
    2006-11-11 19:01 <KANSIO> d-------- C:\Program Files\Azureus
    2006-11-11 19:01 <KANSIO> d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Azureus
    2006-11-10 11:53 <KANSIO> d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Help
    2006-11-10 11:46 86,016 --a------ C:\WINDOWS\system32\CNMCP5y.exe
    2006-11-10 11:46 7,680 --a------ C:\WINDOWS\system32\CNMVS5y.DLL
    2006-11-10 11:46 116,736 --a------ C:\WINDOWS\system32\CNMLM5y.DLL
    2006-11-10 11:46 <KANSIO> d--h----- C:\BJPrinter
    2006-11-10 11:25 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2006-11-05 19:43 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2006-11-05 19:43 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2006-11-05 19:43 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2006-11-05 19:43 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2006-11-05 19:43 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2006-11-05 19:43 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2006-11-04 19:38 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
    2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-11-03 10:56 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.291 Uninstall.exe
    2006-10-23 18:19 <KANSIO> d-------- C:\Program Files\NewSoft
    2006-10-21 22:47 <KANSIO> d-------- C:\Program Files\DAEMON Tools
    2006-10-21 22:23 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2006-10-21 18:43 <KANSIO> d-------- C:\Program Files\TomTom HOME
    2006-10-21 18:43 <KANSIO> d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\InstallShield


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-21 19:33 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-11-19 19:32 -------- d-------- C:\Program Files\Common Files
    2006-11-17 19:19 -------- d---s---- C:\Documents and Settings\Miika Merijärvi\Application Data\Microsoft
    2006-11-17 19:19 -------- d-------- C:\Program Files\Common Files\Nokia
    2006-11-17 19:18 -------- d-------- C:\Program Files\Nokia
    2006-11-17 19:10 -------- d-------- C:\Program Files\Radeon Omega Drivers
    2006-11-17 19:08 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-11-17 18:58 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Nokia
    2006-11-17 11:19 -------- d-------- C:\Program Files\ffdshow
    2006-11-16 15:25 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-11 22:20 -------- d-------- C:\Program Files\DC++
    2006-11-11 21:58 -------- d-------- C:\Program Files\Winamp
    2006-11-10 11:26 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Adobe
    2006-11-04 19:37 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-11-03 10:57 -------- d-------- C:\Program Files\MultiRes
    2006-10-29 19:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-29 18:20 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Macromedia
    2006-10-27 09:15 -------- d-------- C:\Program Files\Java
    2006-10-23 18:19 -------- d-------- C:\Program Files\Common Files\NewSoft
    2006-10-21 22:43 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-10-18 09:40 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\PC Suite
    2006-10-13 14:37 65536 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-10-13 14:37 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-13 12:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
    2006-10-11 18:26 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
    2006-10-11 18:26 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
    2006-10-11 18:26 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
    2006-10-11 18:26 153088 --a------ C:\WINDOWS\system32\p2p.dll
    2006-10-11 18:26 116224 --a------ C:\WINDOWS\system32\p2pnetsh.dll
    2006-10-11 18:26 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
    2006-10-10 08:54 50688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2006-10-08 21:24 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\AdobeUM
    2006-10-08 16:49 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2006-10-08 16:48 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-10-08 16:46 -------- d-------- C:\Program Files\Adobe
    2006-10-08 15:19 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Datalayer
    2006-10-08 11:34 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Sun
    2006-10-08 11:27 -------- d-------- C:\Program Files\Common Files\Java
    2006-10-07 13:05 -------- d-------- C:\Program Files\Launch Manager
    2006-10-07 12:44 -------- d-------- C:\Program Files\DIFX
    2006-10-07 11:29 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Ahead
    2006-10-06 16:51 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-10-06 16:50 62 --ahs---- C:\Documents and Settings\Miika Merijärvi\Application Data\desktop.ini
    2006-10-06 16:50 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-10-06 16:20 -------- d-------- C:\Program Files\Windows Media Player
    2006-10-06 15:59 -------- d-------- C:\Program Files\Diskeeper Corporation
    2006-10-06 15:48 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Leadertech
    2006-10-06 15:21 -------- d-------- C:\Program Files\Messenger
    2006-10-06 15:13 -------- d-------- C:\Program Files\F-Secure
    2006-10-06 15:08 -------- d-------- C:\Program Files\Outlook Express
    2006-10-06 15:08 -------- d-------- C:\Program Files\Common Files\System
    2006-10-06 15:05 -------- d-------- C:\Program Files\Nero
    2006-10-06 14:56 -------- d-------- C:\Program Files\CONEXANT
    2006-10-06 14:50 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Mozilla
    2006-10-06 14:44 -------- d-------- C:\Program Files\Realtek AC97
    2006-10-06 14:43 -------- d-------- C:\Program Files\Synaptics
    2006-10-06 14:42 -------- d-------- C:\Program Files\Broadcom
    2006-10-06 14:38 -------- d-------- C:\Program Files\AMD
    2006-10-06 14:37 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-10-06 14:35 -------- d-------- C:\Program Files\Acer Inc
    2006-10-06 14:34 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2006-10-06 14:34 -------- d-------- C:\Program Files\Atheros
    2006-10-06 14:34 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\BSplayer Pro
    2006-10-06 14:33 -------- d-------- C:\Program Files\Webteh
    2006-10-06 14:32 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Winamp
    2006-10-06 14:29 107132 --a------ C:\WINDOWS\UninstallFirefox.exe
    2006-10-06 14:24 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\F-Secure
    2006-10-06 14:23 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Logitech
    2006-10-06 14:22 -------- d-------- C:\Program Files\Common Files\Cisco Systems
    2006-10-06 14:22 -------- d-------- C:\Program Files\Cisco Systems
    2006-10-06 14:21 118842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe
    2006-10-06 14:20 -------- d-------- C:\Program Files\WinRAR
    2006-10-06 14:14 -------- d-------- C:\Program Files\Logitech
    2006-10-06 14:14 -------- d-------- C:\Program Files\Common Files\Logitech
    2006-10-06 14:09 451072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.273 Uninstall.exe
    2006-10-06 14:07 -------- d-------- C:\Documents and Settings\Miika Merijärvi\Application Data\Identities
    2006-10-06 14:06 -------- d--h----- C:\Program Files\Uninstall Information
    2006-10-06 14:02 0 -rahs---- C:\MSDOS.SYS
    2006-10-06 14:02 0 -rahs---- C:\IO.SYS
    2006-10-06 14:02 0 --a------ C:\CONFIG.SYS
    2006-10-06 14:02 0 --a------ C:\AUTOEXEC.BAT
    2006-10-06 14:02 -------- d-------- C:\Program Files\xerox
    2006-10-06 14:02 -------- d-------- C:\Program Files\microsoft frontpage
    2006-10-06 14:00 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-10-06 14:00 -------- d-------- C:\Program Files\Online Services
    2006-10-06 13:59 -------- d-------- C:\Program Files\NetMeeting
    2006-10-06 13:59 -------- d-------- C:\Program Files\Movie Maker
    2006-10-06 13:59 -------- d-------- C:\Program Files\Common Files\Services
    2006-10-06 13:59 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-10-06 13:57 -------- d-------- C:\Program Files\Windows NT
    2006-10-06 13:57 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-10-02 13:44 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-08-25 17:49 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-25 05:47 129784 --------- C:\WINDOWS\system32\pxafs.dll
    2006-08-25 05:47 115880 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-08-23 05:11 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2006-08-23 04:53 260096 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2006-08-23 04:47 114688 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2006-08-23 04:46 86016 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2006-08-23 04:46 77824 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2006-08-23 04:46 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2006-08-23 04:46 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2006-08-23 04:45 413696 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2006-08-23 04:44 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2006-08-23 04:38 2401984 --a------ C:\WINDOWS\system32\ati3duag.dll
    2006-08-23 04:33 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
    2006-08-23 04:33 2510752 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2006-08-23 04:27 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
    2006-08-23 04:24 5140480 --a------ C:\WINDOWS\system32\atioglxx.dll
    2006-08-23 04:21 221184 --a------ C:\WINDOWS\system32\atikvmag.dll
    2006-08-23 04:19 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
    2006-08-23 04:14 290816 --a------ C:\WINDOWS\system32\ati2cqag.dll
    2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AtiPTA"="atiptaxx.exe"
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
    "F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "ACU"="\"C:\\Program Files\\Atheros\\ACU.exe\" -nogui"
    "LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
    "PowerKey"="\"C:\\Program Files\\Launch Manager\\PowerKey.exe\""
    "LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
    "CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
    "LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
    "Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
    "Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "MsmqIntCert"="regsvr32 /s mqrt.dll"
    "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
    @=""
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "URemote"="C:\\Program Files\\NewSoft\\Presto! PVR\\URemote.exe"
    "ChangeFilterMerit"="C:\\Program Files\\NewSoft\\Presto! PVR\\ChangeFilterMerit.exe"
    "Presto! PVR Monitor"="C:\\Program Files\\NewSoft\\Presto! PVR\\Monitor.exe"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
    "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Scheduled scanning task.job

    Completion time: 06-11-21 19:36:30.70
    C:\ComboFix.txt ... 06-11-21 19:36
     
  6. Hujo

    Hujo Guest

    Rename C:\Documents and Settings\Miika Merijärvi\Työpöytä\HijackThis.exe to, for example, > Pommi.exe

    Download eScan http://koti.mbnet.fi/pattaya1/escanmwav.htm
    Instructions are on the page.

    Post:
    the eScan virus log from the lower pane
    a new HJT log
     
  7. Nispri

    Nispri Member

    So, here is the required information:

    File C:\Program Files\DAEMON Tools\SetupDTSB.exe tagged as not-a-virus:AdTool.Win32.WhenU.a. No Action Taken.
    File C:\Program Files\Nero\Nero 7\cmdow.exe tagged as not-a-virus:RiskTool.Win32.HideWindows. No Action Taken.



    Logfile of HijackThis v1.99.1
    Scan saved at 18:16:13, on 23.11.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
    C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Atheros\ACU.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\NewSoft\Presto! PVR\URemote.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\DOCUME~1\MIIKAM~1\LOCALS~1\Temp\RtkBtMnt.EXE
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\scan\mwavscan.com
    C:\scan\kavss.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Miika Merijärvi\Työpöytä\pommi.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [URemote] C:\Program Files\NewSoft\Presto! PVR\URemote.exe
    O4 - HKLM\..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe
    O4 - HKLM\..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{77479679-75A8-494D-BDE0-6A08474F4B14}: NameServer = 192.168.1.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Cisco Trust Agent (ctad) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
    O23 - Service: Cisco Trust Agent Event Logging Service (ctalogd) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

     
  8. Nispri

    Nispri Member

    A new observation: if the computer cannot connect to the internet, it works normally, so the internet connection has something to do with this...
     
  9. Hujo

    Hujo Guest

  10. Nispri

    Nispri Member

    Yes, it helped a little, but the computer still freezes for a short while. Thanks for the help anyway :)
     