
The log again...

Thread in the Viruses and malware - HijackThis logs section. Thread started by mestari on 03.07.2007.

  1. mestari

    mestari Regular member

    Joined:
    23.07.2002
    Messages:
    805
    Thanks:
    0
    Points:
    26
    So, when I select a video file (bsplayer) (the icon turns blue), it starts installing Photogallery. I always have to press "Cancel" before I can watch the movie. It's somehow related to the HP scanner, but I haven't been able to get rid of it... So, is there anything unusual in this log?

    Logfile of HijackThis v1.99.1
    Scan saved at 0:06:31, on 4.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    F:\Ohjelmat\Sygate\SPF\smc.exe
    F:\Ohjelmat\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    F:\Ohjelmat\UTorrent\uTorrent.exe
    C:\Documents and Settings\eero\Työpöytä\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Ohjelmat\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CAdBlocker Object - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [InfoPenMSN] "C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SmcService] F:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Ohjelmat\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Ohjelmat\MICROS~1\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - (no file)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Ohjelmat\Sygate\SPF\smc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Ohjelmat\Alcohol 120\StarWind\StarWindServiceAE.exe
     
  3. Auttaja

    Auttaja Guest

    No

    Download Deckard's System Scanner to your Desktop.

    Note: You must have Administrator rights to run the program.

    * Close all open windows and programs.
    * Double-click the Dss.exe file to run the program, and follow the instructions.
    * When the scan is finished, 2 text files should open, Main.txt and extra.txt
    * Use Copy ( CTRL+A -> CTRL + C ) and Paste ( CTRL + V )
    * Copy and paste the contents of Extra.txt & Main.txt into your next reply.
     
  4. mestari

    mestari Regular member

    I scanned with just my own user account then... By the way, only the main.txt file came out..

    main.txt

    Deckard's System Scanner v20070611.50
    Run by eero on 2007-07-04 at 14:20:13
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as eero.exe) ------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 14:21:50, on 4.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    F:\Ohjelmat\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    F:\Ohjelmat\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Documents and Settings\eero\Työpöytä\dss.exe
    C:\DOCUME~1\eero\TYPYT~1\eero.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Ohjelmat\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CAdBlocker Object - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [InfoPenMSN] "C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SmcService] F:\Ohjelmat\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Ohjelmat\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Ohjelmat\MICROS~1\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - (no file)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Ohjelmat\Sygate\SPF\smc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Ohjelmat\Alcohol 120\StarWind\StarWindServiceAE.exe


    -- Files created between 2007-06-04 and 2007-07-04 -----------------------------

    2007-07-04 14:03:11 0 d-------- C:\Program Files\Common Files\PCSuite
    2007-07-04 14:03:02 0 d-------- C:\Program Files\Common Files\Nokia
    2007-07-04 14:01:28 0 d-------- C:\Program Files\PC Connectivity Solution
    2007-07-04 13:59:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2007-07-04 00:22:35 0 dr-h----- C:\Documents and Settings\eero\Recent
    2007-07-02 23:06:27 0 d-------- C:\Documents and Settings\eero\Application Data\SoundSpectrum
    2007-07-02 23:05:32 0 d-------- C:\Program Files\SoundSpectrum
    2007-07-01 18:21:08 0 d-------- C:\Program Files\The All-Seeing Eye
    2007-06-26 22:00:05 0 d-------- C:\Program Files\Error Repair Professional
    2007-06-26 16:36:00 0 d-------- C:\Program Files\Microsoft IntelliPoint 5.5
    2007-06-26 14:19:41 0 d-------- C:\Program Files\Driver-Soft
    2007-06-25 21:26:18 0 d-------- C:\Documents and Settings\eero\Application Data\Desktop Mechanic
    2007-06-24 19:23:22 0 d-------- C:\Documents and Settings\eero\Phone Browser
    2007-06-24 14:34:08 0 d-------- C:\Documents and Settings\eero\Application Data\Nokia
    2007-06-24 14:32:37 0 d-------- C:\Program Files\DIFX
    2007-06-24 14:31:22 0 d-------- C:\Documents and Settings\eero\Application Data\PC Suite
    2007-06-24 14:31:20 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
    2007-06-24 14:31:04 0 d-------- C:\Program Files\Nokia
    2007-06-24 14:30:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2007-06-24 14:28:02 0 d--hs---- C:\WINDOWS\ftpcache
    2007-06-20 14:27:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-06-19 23:42:41 0 d-------- C:\Documents and Settings\All Users\Application Data\DFX
    2007-06-18 18:31:24 0 d-------- C:\sisoftsandra
    2007-06-16 12:56:34 0 d-------- C:\Program Files\Windows Installer Clean Up
    2007-06-16 12:56:04 0 d-------- C:\Program Files\MSECACHE
    2007-06-11 17:51:48 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2007-06-10 18:39:22 0 d-------- C:\Program Files\Motorama
    2007-06-08 23:32:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-06-08 15:52:15 0 d-------- C:\Program Files\Windows Live Toolbar
    2007-06-08 15:06:31 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-06-08 15:02:17 0 d-------- C:\Program Files\MSXML 4.0
    2007-06-08 14:12:02 0 d-------- C:\WINDOWS\system32\PreInstall
    2007-06-04 15:18:48 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
    2007-06-04 15:17:02 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
    2007-06-04 15:14:56 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>


    -- Find3M Report ---------------------------------------------------------------

    2007-07-04 14:05:00 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80661102}.dat
    2007-07-04 14:04:59 288 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-00000009-00001102-00000002-80661102}.dat
    2007-07-04 11:21:36 0 dr------- C:\Program Files\eMule
    2007-07-04 07:18:16 0 d-------- C:\Documents and Settings\eero\Application Data\uTorrent
    2007-07-03 23:53:10 0 d-------- C:\Documents and Settings\eero\Application Data\BSplayer Pro
    2007-07-03 19:38:47 0 d-------- C:\Program Files\DC++
    2007-07-02 23:38:00 0 d-------- C:\Program Files\Winamp
    2007-06-16 12:44:35 0 d-------- C:\Program Files\RogueRemover
    2007-06-12 13:50:03 0 d-------- C:\Program Files\themexp
    2007-06-11 18:06:56 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-06-11 17:45:45 0 d-------- C:\Program Files\PeerGuardian2
    2007-06-10 11:10:56 398024 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-06-10 11:10:56 84378 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-06-09 10:29:11 0 d-------- C:\Documents and Settings\eero\Application Data\Lavasoft
    2007-06-08 23:32:33 0 d-------- C:\Program Files\Lavasoft
    2007-06-08 23:31:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-08 23:29:23 0 d-------- C:\Program Files\AC3Filter
    2007-06-08 18:12:13 0 d-------- C:\Program Files\CleanCenter
    2007-06-02 23:52:01 0 d-------- C:\Documents and Settings\eero\Application Data\Kingston
    2007-05-31 17:32:13 0 d-------- C:\Program Files\Java
    2007-05-31 17:31:22 0 d-------- C:\Program Files\Common Files\Java
    2007-05-31 14:15:20 0 d-------- C:\Program Files\PcPrivacySoftware.com
    2007-05-30 10:41:08 0 d-------- C:\Program Files\ECA vrt-disk 2005 patch
    2007-05-28 23:47:45 0 d-------- C:\Program Files\Raxco
    2007-05-28 19:29:15 0 d-------- C:\Documents and Settings\eero\Application Data\Sun
    2007-05-28 16:49:19 10562 --a------ C:\WINDOWS\mozver.dat
    2007-05-27 23:03:26 0 d-------- C:\Program Files\Acoustica MP3 To Wave Converter PLUS
    2007-05-27 22:33:24 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
    2007-05-26 14:48:40 0 d-------- C:\Documents and Settings\eero\Application Data\TrojanHunter
    2007-05-26 14:47:58 0 d-------- C:\Program Files\FinnishIRC XP
    2007-05-26 13:37:33 0 d-------- C:\Program Files\Yahoo!
    2007-05-20 18:43:12 0 d-------- C:\Documents and Settings\eero\Application Data\Vso
    2007-05-19 23:04:25 725929 ---hs---- C:\WINDOWS\system32\sstwa.bak2
    2007-05-19 00:20:18 0 d-------- C:\Program Files\FRISK Software
    2007-05-18 23:02:09 723219 ---hs---- C:\WINDOWS\system32\sstwa.bak1
    2007-05-18 22:46:13 777555 ---hs---- C:\WINDOWS\system32\ihhkj.ini2
    2007-05-18 14:54:18 726663 ---hs---- C:\WINDOWS\system32\ihhkj.bak2
    2007-05-17 00:39:04 0 d-------- C:\Program Files\VstPlugins
    2007-05-16 19:30:02 1431757 ---hs---- C:\WINDOWS\system32\gnfwdrbp.ini2
    2007-05-15 19:49:09 691966 ---hs---- C:\WINDOWS\system32\ihhkj.bak1
    2007-05-12 22:59:30 0 d-------- C:\Program Files\Arturia
    2007-05-11 20:57:04 0 d-------- C:\Program Files\Arovax AntiSpyware
    2007-05-10 18:51:09 108 -----n--- C:\WINDOWS\st32sys.sys
    2007-05-10 14:59:49 0 d-------- C:\Documents and Settings\eero\Application Data\National Instruments
    2007-05-10 14:58:38 0 d-------- C:\Program Files\Common Files\Bcgsoft
    2007-05-09 07:22:33 0 d-------- C:\Program Files\Ajokorttikoulu
    2007-05-06 13:58:07 0 d-------- C:\Program Files\Diskeeper Corporation
    2007-04-26 16:46:16 4212 ---h---c- C:\WINDOWS\system32\zllictbl.dat
    2007-04-26 16:31:04 512 --a------ C:\ScanSectorLog.dat
    2007-04-13 15:19:52 7680 --a------ C:\WINDOWS\system32\lsdelete.exe


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} F:\Ohjelmat\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll
    {E24AD748-155E-4254-B674-4EDF86E7E1DF} C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SoundMan"="SOUNDMAN.EXE"
    "Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
    "InfoPenMSN"="\"C:\\Documents and Settings\\eero\\Omat tiedostot\\Vastaanotetut tiedostot\\InfoPenMSN\\Pro\\InfoPenIM.exe\""
    "CTHelper"="CTHELPER.EXE"
    "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
    "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
    "SmcService"="F:\\Ohjelmat\\Sygate\\SPF\\smc.exe -startgui"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Steam"=""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Nokia.PCSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "RunStartupScriptSync"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCpl"=dword:00000000
    "DisableChangePassword"=dword:00000000
    "DisableLockWorkstation"=dword:00000000
    "NoDispCpl"=dword:00000000
    "NoDispScrSavPage"=dword:00000000
    "NoDispSettingsPage"=dword:00000000
    "NoVisualStyleChoice"=dword:00000000
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000
    "NoResolveSearch"=dword:00000001
    "NoLowDiskSpaceChecks"=dword:00000000
    "NoChangeAnimation"=dword:00000000
    "NoStrCmpLogical"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentDocsOnExit"=dword:00000000
    "NoSharedDocuments"=hex:00,00,00,00
    "NoSMMyDocs"=dword:00000000
    "NoRecentDocsMenu"=dword:00000000
    "NoSMMyPictures"=dword:00000000
    "NoToolbarCustomize"=dword:00000000
    "NoLowDiskSpaceChecks"=dword:00000000
    "HideClock"=dword:00000000
    "NoManageMyComputerVerb"=dword:00000000
    "NoCDBurning"=dword:00000000
    "NoStartMenuPinnedList"=dword:00000000
    "NoStartMenuMFUprogramsList"=dword:00000000
    "NoUserNameInStartMenu"=dword:00000000
    "StartmenuLogoff"=dword:00000000
    "NoStartMenuSubFolders"=dword:00000000
    "NoCommonGroups"=dword:00000000
    "NoPrinterTabs"=dword:00000000
    "NoDeletePrinter"=dword:00000000
    "NoAddPrinter"=dword:00000000
    "NoPrinters"=dword:00000000
    "NoNetworkConnections"=dword:00000000
    "NoFavoritesMenu"=dword:00000000
    "NoClose"=dword:00000000
    "NoSetFolders"=dword:00000000
    "NoSMHelp"=dword:00000000
    "NoChangeStartMenu"=dword:00000000
    "NoFileMenu"=dword:00000000
    "NoShellSearchButton"=dword:00000000
    "NoRecentDocsNetHood"=dword:00000000
    "NoChangeAnimation"=dword:00000000
    "NoChangeKeyboardNavigationIndicators"=dword:00000000
    "MemCheckBoxInRunDlg"=dword:00000000
    "NoStrCmpLogical"=dword:00000000
    "NoThemesTab"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentDocsOnExit"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{a5780613-492e-4a2a-a7fd-549610edf6cc}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpqtra08.exe "
    "item"="HP Digital Imaging Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone -pikakäynnistys.lnk]
    "backup"="C:\\WINDOWS\\pss\\HP Image Zone -pikakäynnistys.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpqthb08.exe -s"
    "item"="HP Image Zone -pikakäynnistys"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DUMeter"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\DU Meter\\DUMeter.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPWuSchd2"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Language"
    "hkey"="HKLM"
    "command"="F:\\Ohjelmat\\CyberLink\\PowerDVD\\Language\\Language.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PWRISOVM"
    "hkey"="HKLM"
    "command"="F:\\Ohjelmat\\PowerISO\\PWRISOVM.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PDVDServ"
    "hkey"="HKLM"
    "command"="F:\\Ohjelmat\\CyberLink\\PowerDVD\\PDVDServ.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Steam"
    "hkey"="HKCU"
    "command"="F:\\Pelit\\Steam\\Steam.exe -silent"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winampa"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Winamp\\winampa.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SERVICELAYER


    -- End of Deckard's System Scanner: finished at 2007-07-04 at 14:24:04 ---------

     
  5. Auttaja

    Auttaja Guest

    Yep, the logs are fine
     
