1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

Vundo plus jotain muuta

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi EDYSTERi 10.09.2008.

  1. EDYSTERi

    EDYSTERi Guest

    Mikäs tossa nyt on ku laitan scan my computer alkaa tarkistaa tiedostoi mut scanned folders pysyy 0 ja jos koitan scan folder ni tarkistaa pirun hitaasti.
     
  2.  
  3. Hujo

    Hujo Guest

    ookos laitanut noi kohdat mitä ohjeessa on.

    on sulla tota kamaakin koneella
     
  4. EDYSTERi

    EDYSTERi Guest

    Oon laittanu ja joo on vähäsen ku 2 tuntii meni malwarebytesil. Eilen viel kävi muutamas minuutis ton mut nyt ei vaa toimi.
     
  5. Hujo

    Hujo Guest

    scannaa uusi hjt:n loki

    scannaa uusi combofix loki

    Rupee pikku hiljaan tuntuun että vistan käyttöjärjestelmä on saanut siipeensä. Taitaa tulla pian eteen tuo Formatointi

    Kai olet Valvojan oikeuksilla koneessa sisällä.

    Montaas kieltä hallitset?





     
  6. EDYSTERi

    EDYSTERi Guest

    Joo oon valvojanoikeuksilla ja englanti menee suomen lisäks melko hyvin. Nyt kyl vaikuttaa et ei ois enää mitään virusta muuten paitsi mitä nyt vähän tökkii. Ponnahusikkunat kadonnu ainaki.
     
  7. Hujo

    Hujo Guest

    katelin vain tuota

    Microsoft Office Proof
    muutama turha kielipaketti silloin
    muttta ei kannata poistaa voi vaikka ottaa siintä siipeeen.

    ======================

    Tyhjennä Malwarebytes' Anti-Malware karanteeni

    ===================

    Tyhjennä nortonin karanteeni

    ==================

    Poista SmitfraudFix koneelta

    ==================

    Kirjoita suorita kohtaan

    Combofix.exe /u

    paina Ok

    ==================

    Poista roskat
     
  8. EDYSTERi

    EDYSTERi Guest

    combofix loki:

    ComboFix 08-09-12.07 - eDy 2008-09-13 14:34:07.7 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.282 [GMT 3:00]
    Sijainti: C:\Users\eDy\Desktop\Downloads\ComboFix.exe
    * Uusi palautuspiste luotu
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-13 to 2008-09-13 )))))))))))))))))
    .

    2008-09-13 13:11 . 2008-09-13 13:13 <KANSIO> d-------- C:\Program Files\Java
    2008-09-13 13:11 . 2008-09-13 13:11 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2008-09-12 21:56 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-09-12 19:48 . 2008-09-12 19:48 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-09-11 22:00 . 2008-09-11 22:00 691 --a------ C:\Users\eDy\AppData\Roaming\GetValue.vbs
    2008-09-11 22:00 . 2008-09-11 22:00 35 --a------ C:\Users\eDy\AppData\Roaming\SetValue.bat
    2008-09-11 17:02 . 2008-09-11 22:00 3,426 --a------ C:\Windows\System32\tmp.reg
    2008-09-11 15:02 . 2008-09-11 15:29 <KANSIO> d-------- C:\Program Files\MicroAV
    2008-09-11 15:01 . 2008-09-11 15:01 86,016 --a------ C:\Windows\System32\qfulihyl.exe
    2008-09-10 21:51 . 2008-09-10 21:51 102,400 --a------ C:\Windows\System32\lidobmnk.exe
    2008-09-10 21:07 . 2008-09-10 21:07 102,400 --a------ C:\Windows\System32\yjqnodoj.exe
    2008-09-10 20:11 . 2008-09-13 00:47 <KANSIO> d-------- C:\ProgramData\nsfubuns
    2008-09-10 20:11 . 2008-09-10 20:11 94,208 --a------ C:\Windows\System32\uhenoxgx.exe
    2008-09-10 15:24 . 2008-08-02 04:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
    2008-09-10 15:24 . 2008-06-26 06:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
    2008-09-10 15:24 . 2008-06-26 06:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
    2008-09-10 15:24 . 2008-05-08 22:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
    2008-09-10 15:24 . 2008-05-20 05:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-09-10 15:24 . 2008-06-26 06:29 45,056 --a------ C:\Windows\System32\dataclen.dll
    2008-09-10 15:24 . 2008-08-02 06:26 36,864 --a------ C:\Windows\System32\cdd.dll
    2008-09-10 15:23 . 2008-07-31 04:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-09-10 15:23 . 2008-07-31 06:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
    2008-09-09 23:04 . 2008-09-09 23:04 <KANSIO> d-------- C:\Program Files\QuickTime
    2008-09-09 23:04 . 2008-09-09 23:04 <KANSIO> d-------- C:\Program Files\Common Files\Apple
    2008-09-09 23:03 . 2008-09-09 23:03 <KANSIO> d-------- C:\ProgramData\Apple Computer
    2008-09-07 16:31 . 2008-09-07 16:31 156 --a------ C:\Windows\Twunk001.MTX
    2008-09-07 16:31 . 2008-09-07 16:31 2 --a------ C:\Windows\Twain001.Mtx
    2008-09-07 16:31 . 2008-09-07 16:31 0 --a------ C:\Windows\Twunk002.MTX
    2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
    2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
    2008-09-04 00:45 . 2008-09-04 00:47 <KANSIO> d-------- C:\Users\eDy\AppData\Roaming\SPORE
    2008-09-03 14:59 . 2008-09-03 14:59 <KANSIO> d-------- C:\ProgramData\Electronic Arts
    2008-09-03 14:59 . 2008-09-04 15:01 10,940 --a------ C:\Windows\System32\ealregsnapshot1.reg
    2008-08-31 16:08 . 2008-08-31 16:08 <KANSIO> d-------- C:\ProgramData\FLEXnet
    2008-08-31 16:03 . 2008-08-31 16:03 <KANSIO> d-------- C:\ProgramData\ALM
    2008-08-28 00:03 . 2008-08-28 00:03 42,320 --a------ C:\Windows\System32\xfcodec.dll
    2008-08-26 15:18 . 2008-08-26 15:18 <KANSIO> d-------- C:\Program Files\GALA-NET
    2008-08-26 00:05 . 2008-07-19 08:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-08-26 00:05 . 2008-07-19 06:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-08-26 00:05 . 2008-07-19 08:09 563,912 --a------ C:\Windows\System32\wuapi.dll
    2008-08-26 00:05 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-08-26 00:05 . 2008-07-19 06:44 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-08-26 00:05 . 2008-07-19 08:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-08-26 00:05 . 2008-07-19 08:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-08-26 00:05 . 2008-07-19 08:10 36,552 --a------ C:\Windows\System32\wups.dll
    2008-08-26 00:05 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-08-23 06:47 . 2008-08-23 06:47 86,523 --a------ C:\Windows\WinVerCheck.exe
    2008-08-14 20:09 . 2008-07-16 04:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-14 19:26 . 2008-06-27 04:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-14 19:26 . 2008-06-27 07:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-14 19:26 . 2008-04-10 08:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-14 19:26 . 2008-06-19 06:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-14 19:26 . 2008-04-18 08:48 269,312 --a------ C:\Windows\System32\es.dll

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-13 11:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 11:08 --------- d-----w C:\Program Files\Steam
    2008-09-12 18:56 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-12 13:35 --------- d-----w C:\Users\eDy\AppData\Roaming\Xfire
    2008-09-12 13:34 --------- d-----w C:\Users\eDy\AppData\Roaming\uTorrent
    2008-09-12 11:57 --------- d-----w C:\ProgramData\Xfire
    2008-09-11 19:43 --------- d-----w C:\ProgramData\Microsoft Help
    2008-09-10 15:10 --------- d-----w C:\Program Files\Common Files\Steam
    2008-09-09 21:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
    2008-09-08 00:15 --------- d-----w C:\Users\eDy\AppData\Roaming\mIRC
    2008-09-07 20:58 --------- d-----w C:\Users\eDy\AppData\Roaming\LimeWire
    2008-09-07 20:35 --------- d-----w C:\Program Files\mIRC
    2008-09-07 13:31 --------- d---a-w C:\ProgramData\TEMP
    2008-09-07 13:30 --------- d-----w C:\Program Files\Fraps
    2008-09-04 16:10 --------- d-----w C:\Program Files\Xfire
    2008-09-03 21:34 --------- d-----w C:\Program Files\Electronic Arts
    2008-09-03 12:08 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2008-08-30 21:51 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-30 21:07 --------- d-----w C:\Program Files\Winamp
    2008-08-18 17:26 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-14 17:49 --------- d-----w C:\Program Files\Windows Mail
    2008-08-13 11:51 --------- d-----w C:\Program Files\ATI
    2008-08-10 12:05 --------- d-----w C:\ProgramData\Codemasters
    2008-08-10 12:01 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
    2008-08-10 12:01 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
    2008-08-10 12:01 --------- d-----w C:\Program Files\OpenAL
    2008-08-09 18:45 --------- d-----w C:\ProgramData\Apple
    2008-08-09 18:45 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-04 22:50 --------- d-----w C:\ProgramData\Symantec
    2008-08-02 13:58 --------- d-----w C:\Program Files\Boris FX, Inc
    2008-07-31 17:17 --------- d-----w C:\Program Files\VASST
    2008-07-31 17:15 --------- d-----w C:\Program Files\Sonic Foundry
    2008-07-31 17:15 --------- d-----w C:\Program Files\DebugMode
    2008-07-31 07:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
    2008-07-31 07:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
    2008-07-31 07:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-30 14:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-07-30 14:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-07-30 14:28 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-07-27 23:45 --------- d-----w C:\Users\eDy\AppData\Roaming\Hamachi
    2008-07-27 10:27 --------- d-----w C:\Program Files\LimeWire
    2008-07-26 11:52 --------- d-----w C:\Program Files\DC++
    2008-07-26 10:04 --------- d-----w C:\Program Files\uTorrent Acceleration Tool
    2008-07-26 10:03 --------- d-----w C:\Program Files\LimeWire(2)
    2008-07-24 09:40 --------- d-----w C:\Program Files\AGEIA Technologies
    2008-07-24 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-23 10:50 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-07-23 10:44 --------- d-----w C:\Users\eDy\AppData\Roaming\teamspeak2
    2008-07-23 00:38 --------- d-----w C:\Program Files\Bonjour
    2008-07-23 00:25 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-07-21 23:50 --------- d-----w C:\Users\eDy\AppData\Roaming\Winamp
    2008-07-21 21:38 --------- d-----w C:\Program Files\Audacity
    2008-07-21 17:00 --------- d-----w C:\ProgramData\TrackMania United
    2008-07-21 11:35 --------- d-----w C:\Program Files\TrackMania United
    2008-07-20 20:31 --------- d-----w C:\Program Files\IDoser v4
    2008-07-18 03:33 --------- d-----w C:\ProgramData\TrackMania
    2008-07-16 12:48 --------- d-----w C:\ProgramData\WindowsSearch
    2008-07-16 10:36 --------- d-----w C:\ProgramData\River Past G5
    2008-07-12 05:18 467,984 ----a-w C:\Windows\System32\d3dx10_39.dll
    2008-07-12 05:18 3,851,784 ----a-w C:\Windows\System32\D3DX9_39.dll
    2008-07-12 05:18 1,493,528 ----a-w C:\Windows\System32\D3DCompiler_39.dll
    2008-07-09 18:30 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-07-09 18:27 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
    2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
    2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
    2008-06-19 20:43 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-06-19 20:31 315,392 ----a-w C:\Windows\HideWin.exe
    2008-06-19 18:43 174 --sha-w C:\Program Files\desktop.ini
    2008-06-19 15:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-19 15:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-13 10:52 6,183,456 ----a-w C:\Windows\RtHDVCpl.exe
    2008-05-12 12:40 22,328 ----a-w C:\Users\eDy\AppData\Roaming\PnkBstrK.sys
    2008-01-29 18:10 47,360 ----a-w C:\Users\eDy\AppData\Roaming\pcouffin.sys
    2008-01-26 12:05 81,920 ----a-w C:\Users\eDy\AppData\Roaming\ezpinst.exe
    2007-12-23 22:35 808,448 --sh--r C:\Windows\odbconf.exe
    2008-03-13 12:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-13 12:35 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-13 12:37 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    2008-03-13 12:37 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    2008-03-13 12:37 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    2008-03-13 12:35 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-05-20 10:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051220080519\index.dat
    2008-05-26 10:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008051920080526\index.dat
    2008-05-26 10:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052620080527\index.dat
    2008-05-27 10:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052720080528\index.dat
    2008-05-28 10:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052820080529\index.dat
    2008-05-30 08:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008053020080531\index.dat
    2008-06-01 10:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008060120080602\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-12_21.27.14.61 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-09-12 17:00:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-09-13 09:46:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-09-12 17:00:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-09-13 09:46:09 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-09-12 17:04:04 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-09-13 09:48:17 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    - 2008-09-12 17:03:52 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-09-13 09:49:06 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    - 2008-09-12 18:08:42 229,376 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-09-13 11:00:21 229,376 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-09-12 18:08:42 1,933,312 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-13 11:00:21 1,933,312 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-09-12 18:08:42 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-09-13 11:00:21 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-09-12 18:15:55 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-09-13 11:34:00 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-09-13 11:34:00 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-02-21 23:23:35 135,168 ----a-w C:\Windows\System32\java.exe
    + 2008-06-09 22:21:01 135,168 ----a-w C:\Windows\System32\java.exe
    - 2008-02-21 23:23:39 135,168 ----a-w C:\Windows\System32\javaw.exe
    + 2008-06-09 22:21:04 135,168 ----a-w C:\Windows\System32\javaw.exe
    - 2008-02-22 00:33:32 139,264 ----a-w C:\Windows\System32\javaws.exe
    + 2008-06-09 23:32:34 139,264 ----a-w C:\Windows\System32\javaws.exe
    - 2008-09-12 17:04:08 13,868 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2223133414-1777158752-3304994779-1002_UserData.bin
    + 2008-09-12 18:53:34 14,050 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2223133414-1777158752-3304994779-1002_UserData.bin
    - 2008-09-12 17:04:07 78,206 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-09-12 21:49:56 78,272 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-09-12 11:51:37 59,492 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-09-13 09:49:44 59,840 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 C:\Windows\RtHDVCpl.exe]

    C:\Users\eDy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-12-13 557568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ktfacl.dll dzvyyh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "msacm.ac3filter"= ac3filter.acm
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    "UpdatesDisableNotify"="0x00000000"
    "AntiVirusDisableNotify"="0x00000000"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{6DE4EF4D-504D-414B-B1BD-EA857B9B8EA1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{D26A1AB5-3DC8-41EC-BE73-E60A14C89BE6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{0F14D24A-D0E7-43D8-9718-D0DFA8336490}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{AEAA3492-DAF6-429D-966D-3C14705A9575}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{9F75219E-E733-4560-9EEB-AF6F3B8045D1}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{9F5140EC-EA46-4050-A949-77C6675A0AAA}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{798DB3DE-D704-42B5-82D5-AABD5BC5806E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{80DAF794-CF15-4783-B4B7-7BDB0A3D96A4}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{3AD1C762-6D2F-4F9E-AC3F-64D794BDB041}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{12F5DA58-918C-4739-99EE-39E5ABD9604C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{5FF56F9D-7148-4B88-8E55-881FD36E119D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{41D88386-1868-4B7B-AE1B-6224121BB070}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{AAA1AC87-95D1-4A5E-9E84-B89E03817C0C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{3E6B9D4F-CBFB-41A0-97A9-08E2B7519B7F}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{5B95B573-C6C8-4FB8-B4CE-181F77E62F22}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{E62A8DF0-5B32-4F7E-8C57-BE0C778D0BB3}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= UDP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
    "UDP Query User{F33B5F75-0BEB-48D4-AB5B-75960117A640}C:\\program files\\trackmania sunrise\\tmsunrise.exe"= TCP:C:\program files\trackmania sunrise\tmsunrise.exe:TmSunrise
    "TCP Query User{3E11A1C9-94ED-4E30-B37E-F2A4CF4C9AF2}C:\\program files\\[pc] splinter cell pandora tomorrow [rip] [dopeman]\\scpd\\splinter cell pandora tomorrow\\pandora.exe"= UDP:C:\program files\[pc] splinter cell pandora tomorrow [rip] [dopeman]\scpd\splinter cell pandora tomorrow\pandora.exe:pandora
    "UDP Query User{187EAD21-5932-47CE-BB51-4DA8614789B6}C:\\program files\\[pc] splinter cell pandora tomorrow [rip] [dopeman]\\scpd\\splinter cell pandora tomorrow\\pandora.exe"= TCP:C:\program files\[pc] splinter cell pandora tomorrow [rip] [dopeman]\scpd\splinter cell pandora tomorrow\pandora.exe:pandora
    "TCP Query User{CAA333D1-670A-42CA-BAF5-19351043585A}C:\\users\\edy\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v71b24f3e\\native\\stubexe\\@programfiles@\\kuma games\\kuma.exe"= UDP:C:\users\edy\appdata\local\xenocode\appliancecaches\kumaclient.exe_v71b24f3e\native\stubexe\@programfiles@\kuma games\kuma.exe:kuma.exe
    "UDP Query User{547E73C9-8561-4BC6-AF97-0EAE0A405858}C:\\users\\edy\\appdata\\local\\xenocode\\appliancecaches\\kumaclient.exe_v71b24f3e\\native\\stubexe\\@programfiles@\\kuma games\\kuma.exe"= TCP:C:\users\edy\appdata\local\xenocode\appliancecaches\kumaclient.exe_v71b24f3e\native\stubexe\@programfiles@\kuma games\kuma.exe:kuma.exe
    "TCP Query User{A2BDBE65-7DD8-4F50-BBFA-67BA538B1D50}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{46736481-5D1C-46F0-BF0C-1785D9DA44C0}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{1724A2D6-38C2-46E6-8A1E-CE9655A9905B}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{9891D4A0-A8C9-4EED-A1E6-CD7A7769E72D}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{9F4BC339-CBD5-406C-8442-D2D91F2126F4}C:\\program files\\steam\\steamapps\\ts0mpi\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\day of defeat\hl.exe:Half-Life Launcher
    "UDP Query User{FCA40045-0385-4845-B2C0-DE8EFECE0362}C:\\program files\\steam\\steamapps\\ts0mpi\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\day of defeat\hl.exe:Half-Life Launcher
    "TCP Query User{270DEB84-E739-47E0-8BE2-61037403BC36}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET
    "UDP Query User{BCD5039E-D69D-4E7C-BDB0-FF0CBFA8F70E}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET
    "{FB4D5CBA-10FC-4F29-9679-2D161465CBD2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{52BBAB77-A961-4605-BF39-308CA8F42726}C:\\program files\\steam\\steamapps\\ts0mpi\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\team fortress 2\hl2.exe:hl2
    "UDP Query User{3D046931-D84E-4957-8E5A-8C613D7A99AB}C:\\program files\\steam\\steamapps\\ts0mpi\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\team fortress 2\hl2.exe:hl2
    "TCP Query User{9F1CFA65-E334-4CB3-8771-D30ED9DEA41E}C:\\program files\\steam\\steamapps\\ts0mpi\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\source sdk base\hl2.exe:hl2
    "UDP Query User{4141FADE-38D6-425B-90CA-D5F51C7414CE}C:\\program files\\steam\\steamapps\\ts0mpi\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\source sdk base\hl2.exe:hl2
    "TCP Query User{FEC3BB70-064E-4818-B824-89B0B9B459A4}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
    "UDP Query User{75093C78-3FB3-4170-AF31-FB94A800E8A8}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
    "TCP Query User{FDC87E98-388D-40B3-80D6-26CC29409717}C:\\program files\\steam\\steamapps\\ts0mpi\\half-life 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\half-life 2\hl2.exe:hl2
    "UDP Query User{0F6A8421-C83E-4A62-BB1C-2394577CFB02}C:\\program files\\steam\\steamapps\\ts0mpi\\half-life 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\half-life 2\hl2.exe:hl2
    "TCP Query User{62334EED-A011-4A3C-9852-F403B295891A}C:\\windows\\system32\\rxbot2.exe"= UDP:C:\windows\system32\rxbot2.exe:rxbot2
    "UDP Query User{EC9EF5C7-2A8E-4348-961A-A092886AAD8F}C:\\windows\\system32\\rxbot2.exe"= TCP:C:\windows\system32\rxbot2.exe:rxbot2
    "TCP Query User{957C8E02-2BE8-4A2B-9A1F-810AAEC206E5}C:\\windows\\system32\\wuamgrd.exe"= UDP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "UDP Query User{0DB1F23A-B03B-4943-9A5C-323AC36C109E}C:\\windows\\system32\\wuamgrd.exe"= TCP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "TCP Query User{44C1870D-5475-411A-BFB2-E8646DA5F3CD}C:\\users\\edy\\desktop\\downloads\\cabaltemp\\estsetuploader.exe"= UDP:C:\users\edy\desktop\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe
    "UDP Query User{FE173293-B7B2-4446-8604-2DCD233B49C4}C:\\users\\edy\\desktop\\downloads\\cabaltemp\\estsetuploader.exe"= TCP:C:\users\edy\desktop\downloads\cabaltemp\estsetuploader.exe:estsetuploader.exe
    "TCP Query User{DA206DEC-5B07-4992-AD1F-120922B7B68F}C:\\windows\\system32\\wuamgrd.exe"= UDP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "UDP Query User{087B9389-EAB2-4C2B-961E-AD3A937BE263}C:\\windows\\system32\\wuamgrd.exe"= TCP:C:\windows\system32\wuamgrd.exe:wuamgrd
    "{B540D59B-B442-47DE-959C-D1D403CFDD71}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{185E76E3-870F-4457-BE2D-6E1A819E1B70}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "TCP Query User{598CEE78-B17D-4541-BD4A-5731314BCA0D}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{C6BA753F-6DFD-48B0-B223-EC7C144A286C}C:\\program files\\steam\\steamapps\\ts0mpi\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\ts0mpi\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{63ED93EE-A909-486F-9D90-18D356C4A6B2}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
    "UDP Query User{AC32CB46-527A-49D9-860B-136C61474967}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
    "TCP Query User{EF148274-31E4-4DC6-AB35-50687970A7A4}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{F2D28122-7122-4D37-8C3E-A34AF0A8F105}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
    "TCP Query User{64F11094-F81F-4CBA-B4CC-46FA11BE6DCD}C:\\program files\\rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:C:\program files\rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
    "UDP Query User{5900BE55-CD12-4C79-8892-C39D9EAAF8DD}C:\\program files\\rainbow six vegas\\rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:C:\program files\rainbow six vegas\rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
    "TCP Query User{C7AE8A31-3B66-47FF-8D36-C0D6D945AF8C}C:\\program files\\e frontier\\poser 7\\poser.exe"= UDP:C:\program files\e frontier\poser 7\poser.exe:poser executable file
    "UDP Query User{81EDF152-C02D-481D-A374-AD6EC7F06F85}C:\\program files\\e frontier\\poser 7\\poser.exe"= TCP:C:\program files\e frontier\poser 7\poser.exe:poser executable file
    "TCP Query User{B5165048-77AC-4CDD-8F1F-D2184E0B5127}C:\\program files\\walaber's trampoline\\bin\\release\\trampolinegame.exe"= UDP:C:\program files\walaber's trampoline\bin\release\trampolinegame.exe:TrampolineGame
    "UDP Query User{1FF480FE-9D76-41B5-ADA9-D06BBD323C73}C:\\program files\\walaber's trampoline\\bin\\release\\trampolinegame.exe"= TCP:C:\program files\walaber's trampoline\bin\release\trampolinegame.exe:TrampolineGame
    "{6D10385D-F158-429E-869D-CA6DC8A4686B}"= UDP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{A98DDC02-7B32-4973-B34B-E083BA9AAF15}"= TCP:C:\Windows\System32\PnkBstrA.exe:pnkBstrA
    "{D6D09900-76C4-4C3A-8E39-5D05EBC74E80}"= UDP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{955F1414-05D1-426A-A663-9F68DD06A8DC}"= TCP:C:\Windows\System32\PnkBstrB.exe:pnkBstrB
    "{E6FC0035-7F98-4C06-9D0E-D95E595B8E6C}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{E5A6D4C8-58DB-4CDD-988F-5DB0DA7CA99F}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{10F1FF13-7399-4362-818F-9B37EA841F90}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "{DA3B9536-18ED-4B9C-ABEF-43885DCFE724}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "TCP Query User{6E382DEC-44BF-41FA-AA27-332099A38221}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
    "UDP Query User{1FD3E02A-AA52-417B-AF28-3033268A4B75}C:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
    "TCP Query User{AA0A43B3-F79B-4D73-A6EF-F6E214ED42FA}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{1526C467-66B4-420A-992B-B527E7246308}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{0099635C-4701-4D06-938E-952D22D096FD}C:\\program files\\ut2004\\ut2004\\system\\ut2004.exe"= UDP:C:\program files\ut2004\ut2004\system\ut2004.exe:UT2004
    "UDP Query User{714D4099-F9F3-4EAF-B034-BBA0E91171CE}C:\\program files\\ut2004\\ut2004\\system\\ut2004.exe"= TCP:C:\program files\ut2004\ut2004\system\ut2004.exe:UT2004
    "TCP Query User{CFB10CFF-CBD6-4C5C-9D1D-C51643D8C6D9}C:\\program files\\id software\\quake 4\\quake4ded.exe"= UDP:C:\program files\id software\quake 4\quake4ded.exe:Quake 4
    "UDP Query User{5AFE1615-C6B5-4F30-AF7B-DC0C5BC5BDED}C:\\program files\\id software\\quake 4\\quake4ded.exe"= TCP:C:\program files\id software\quake 4\quake4ded.exe:Quake 4
    "{35CDD6A8-35E4-49A9-8591-B857824DF2A1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{1046B40D-12A5-49C7-8550-C977653B20A8}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{BE9F02C3-9306-46D1-80C0-BF3880E45AF8}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{77628A07-FB76-42BD-811F-85AA6B12F47F}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{AB3C9EB8-3396-4A91-B823-C61AAC4932F9}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{60F9669C-AE0F-4B71-87C4-D239F8207E7D}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
    "{AA89A1F9-6571-4D0F-B289-314351F46CB1}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071204.001\IDSvix86.sys [2007-11-06 180272]
    R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-22 554616]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 3695104]
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-05-13 43520]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 37936]
    R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
    S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-15 816512]
    S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-09-21 43520]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-10 92656]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \shell\AutoRun\command - J:\OblivionLauncher.exe

    *Newly Created Service* - COMHOST
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    .
    ------- Täydentävä tarkistus -------
    .
    FireFox -: Profile - C:\Users\eDy\AppData\Roaming\Mozilla\Firefox\Profiles\q2prvqpp.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - afterdawn.fi
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-13 14:40:00
    Windows 6.0.6001 Service Pack 1 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2008-09-13 14:43:29
    ComboFix-quarantined-files.txt 2008-09-13 11:43:17
    ComboFix2.txt 2008-09-12 18:28:24

    Pre-Run: 229,687,013,376 tavua vapaana
    Post-Run: 229,700,435,968 tavua vapaana

    373 --- E O F --- 2008-09-11 19:46:27


    hjt loki:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:44, on 2008-09-13
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ktfacl.dll dzvyyh.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 9193 bytes
     
  9. EDYSTERi

    EDYSTERi Guest

    Nyt on poistttu ja karanteenit tyhjenntty vois ton Nortoninki joskus maksaa uusiks.
     
  10. Hujo

    Hujo Guest

    Poista kansio

    C:\Program Files\MicroAV

    ==============

    Niin tai keventää virustorjuntaa.
    vaikka ilmaiseen ja sille ilmanen palomuuri
     
    Moderaattorin viimeksi muokkaama: 13.09.2008
  11. EDYSTERi

    EDYSTERi Guest

    Katos siel oli semmonenki no nyt o poistettu.
     
  12. Hujo

    Hujo Guest

    No niin mites se kone toimii
     
  13. EDYSTERi

    EDYSTERi Guest

    Hyvinhä tämä kiitti vaa sulle avusta. Fyysinen muisti kyl käytös 80 % koko ajan mut johtuu varmaa taas vistan omista jutuist.
     
  14. Hujo

    Hujo Guest

    Paljos koneessa on sitä keskusmuistia
     
  15. EDYSTERi

    EDYSTERi Guest

    1 giga näköjää oon kyl luullu et 512 =D
     
  16. Hujo

    Hujo Guest

    sen vois nostaa tuohon 2gigaa ja laitaa koneelle kevyempi virustorjunta ja sille palomuuri kaveriksi.

    toimis nopeemin
     
  17. EDYSTERi

    EDYSTERi Guest

    Oon meinannu joo vähäsen kokoo nostaa ei o viel keren. Täytyy tota virustorjunnanki vaihtoa harkita.
     
  18. Hujo

    Hujo Guest

    kyllä se ilmanen virustojunta ajaa saman kuin maksulinenkin ja kyllä netistä tulee se pöpö jos on tullakseen.
     
  19. EDYSTERi

    EDYSTERi Guest

    Jep ja tänkä viruksen alkuperästä mul ei o mitään tietoa.
     
  20. Hujo

    Hujo Guest

    vundoosta smitfraudiin ja haitta ohjelmiin oli koneella .. ja sitten niiten kaverit vielä pippaloissa mukana.
     
  21. EDYSTERi

    EDYSTERi Guest

Jaa tämä sivu