Happy holidays. I had the Brobia.A virus on my computer and apparently managed to remove it, but now when the computer starts up it reports runtime errors 10013 and 10048. And then something about trying to open .dll files. There are 6 of these messages in total, and once you close them everything works OK again. If someone has time to look at the HJT log to see whether there is some problem there. Thanks, and happy new year to everyone.
Oh, and of course it would help a lot if I actually posted the HJT log here.

Logfile of HijackThis v1.99.1
Scan saved at 10:08:00, on 27.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\TranSmar\bin\TransmartService.exe
C:\TranSmar\bin\TransDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kamtek Oy\Omat tiedostot\Villen Lataukset\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\RunServices: [Win32] c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\win32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: MSWINSCK.OCX
O4 - Startup: stub.exe
O4 - Startup: SYSINFO.OCX
O4 - Startup: Win32.dll
O4 - Startup: win32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: eLifeWatcher.lnk = C:\Program Files\e-Life Pal\bin\eLifeWatcher.exe
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Muunna Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Muunna linkin kohde Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Muunna linkin kohde nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Muunna nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Muunna valinta Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Muunna valinta nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Muunna valitut linkit Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Muunna valitut linkit nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166172716328
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C87A3AD5-DE8E-4a2e-BF7B-D6BCD419DED1} (EnvivioTV MPEG-4 Source Filter) - http://www.envivio.tv/downloads/EnvivioTV/EnvivioTV-AutomaticInstaller.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TranSmart Server (TranSmartServer) - Unknown owner - C:\TranSmar\bin\TransmartService.exe

F-Secure apparently can't remove that virus completely, because this morning there was again a notification that the computer has a virus. F-Secure removes it, but it comes back after a couple of restarts under the name Backdoor.win32.VB.kl, and when you look at the detailed virus information the virus is called Brobia.A. Manual removal instructions are also pretty hard to come by.
Moved to the HJT logs area. Lempo, please use the edit button rather than creating several new posts in a row.
Hi! Let's get started...

Move hijackthis.exe into its own folder, for example: C:\HJT\HijackThis.exe

1. Download the combofix.exe file to your desktop.
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log. Post this log in your thread (C:\Combofix.txt).

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

Post a new HJT log and the ComboFix log.
Huomenta Tomato71. Löysin pari jotain spywarea koneelta ja poistin ne käyttäen Spybottia ja AVG:ta vikasietotilassa mutta viestit käynnistyessä tulee vieläkin. Jos tää kone olis pelkästään kotikoneena ni ei pari pikku viestiä niin haittais mut ku tällä täytyis tehdä jotain hommiakin. Tässä on ne lokit jospa niistä löytyis jotain. Logfile of HijackThis v1.99.1 Scan saved at 7:33:07, on 29.12.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe C:\Program Files\Elisa 
Tietoturvapalvelu\Anti-Virus\fsrw.exe C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\TranSmar\bin\TransmartService.exe C:\TranSmar\bin\TransDaemon.exe C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HijackThis_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa 
Tietoturvapalvelu\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunServices: [Win32] c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\win32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - Startup: MSWINSCK.OCX O4 - Startup: stub.exe O4 - Startup: SYSINFO.OCX O4 - Startup: Win32.dll O4 - Startup: win32.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? 
O4 - Global Startup: eLifeWatcher.lnk = C:\Program Files\e-Life Pal\bin\eLifeWatcher.exe O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Muunna Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Muunna linkin kohde Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Muunna linkin kohde nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Muunna nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Muunna valinta Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Muunna valinta nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Muunna valitut linkit Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Muunna valitut linkit nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun 
Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166172716328 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {C87A3AD5-DE8E-4a2e-BF7B-D6BCD419DED1} (EnvivioTV MPEG-4 Source Filter) - http://www.envivio.tv/downloads/EnvivioTV/EnvivioTV-AutomaticInstaller.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - 
Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TranSmart Server (TranSmartServer) - Unknown owner - C:\TranSmar\bin\TransmartService.exe Ja sitten ComboFix: Kamtek Oy - 06-12-29 7:35:34,50 Service Pack 2 ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Kamtek Oy\Ty”p”yt„" ((((((((((((((((((((((((((((((( Files Created from 2006-11-29 to 2006-12-29 )))))))))))))))))))))))))))))))))) 2006-12-29 07:32 <KANSIO> d-------- C:\HJT 2006-12-28 09:27 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2006-12-28 09:26 <KANSIO> d-------- C:\Program Files\Grisoft 2006-12-28 07:43 57,384 --a------ C:\WINDOWS\system32\avsda.dll 2006-12-28 07:43 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys 2006-12-28 07:43 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys 2006-12-28 07:43 <KANSIO> d-------- C:\Program Files\AntiVir PersonalEdition Classic 2006-12-28 07:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic 2006-12-19 16:34 <KANSIO> d-------- C:\Program Files\i-CAM Viewer 2006-12-19 08:52 <KANSIO> d-------- C:\WINDOWS\system32\PreInstall 2006-12-18 08:00 127,208 --a------ C:\WINDOWS\system32\mucltui.dll 2006-12-15 11:08 <KANSIO> d-------- C:\WINDOWS\WBEM 2006-12-15 11:08 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi 2006-12-15 11:06 <KANSIO> d--h-c--- C:\WINDOWS\ie7 2006-12-15 11:05 121,856 --------- C:\WINDOWS\system32\xmllite.dll 2006-12-15 07:13 <KANSIO> d-------- C:\Program Files\Lavasoft 2006-12-13 09:32 310,034 --a------ C:\WINDOWS\netapi32.dll 2006-12-12 13:56 80,384 --a------ C:\WINDOWS\pcgw32.dll 2006-12-12 13:56 54,272 --a------ C:\WINDOWS\pcdocreg.exe 2006-12-12 13:56 335,360 --a------ C:\WINDOWS\Dotest.exe 2006-11-30 13:01 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-4119343L.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-12-29 07:24 -------- d-------- C:\Program Files\Mozilla 
Firefox 2006-12-27 08:52 -------- d-------- C:\Program Files\Windows Media Player 2006-12-27 08:31 -------- d-------- C:\Program Files\Outlook Express 2006-12-27 08:31 -------- d-------- C:\Program Files\Common Files\System 2006-12-21 08:58 -------- d-------- C:\Program Files\Common Files\Microsoft Shared 2006-12-18 07:57 -------- d-------- C:\Program Files\Internet Explorer 2006-12-15 07:13 -------- d-------- C:\Documents and Settings\Kamtek Oy\Application Data\Lavasoft 2006-12-15 07:11 -------- d-------- C:\Program Files\EMCO Malware Destroyer 2006-12-12 15:08 -------- d-------- C:\Documents and Settings\Kamtek Oy\Application Data\Azureus 2006-12-12 14:15 -------- d-------- C:\Program Files\Azureus 2006-12-07 12:23 44 --a------ C:\WINDOWS\system32\msssc.dll 2006-12-07 08:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-11-30 14:16 -------- d-------- C:\Program Files\Elisa Tietoturvapalvelu 2006-11-17 15:36 -------- d-------- C:\Documents and Settings\Kamtek Oy\Application Data\Google 2006-11-17 15:27 -------- d---s---- C:\Documents and Settings\Kamtek Oy\Application Data\Microsoft 2006-11-17 15:11 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard 2006-11-17 15:11 -------- d-------- C:\Program Files\Common Files 2006-11-17 15:11 -------- d-------- C:\Program Files\AMD 2006-11-17 11:27 -------- d-------- C:\Program Files\QuickTime 2006-11-17 11:25 -------- d-------- C:\Program Files\Apple Software Update 2006-11-08 12:50 -------- d-------- C:\Documents and Settings\Kamtek Oy\Application Data\U3 2006-11-08 07:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll 2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll 2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll 2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll 2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll 2006-11-07 21:03 180736 --------- 
C:\WINDOWS\system32\ieui.dll 2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll 2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll 2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll 2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll 2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll 2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe 2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll 2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll 2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll 2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2006-10-20 03:39 713728 --a------ C:\WINDOWS\system32\sxs.dll 2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll 2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll 2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe 2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll 2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll 2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll 2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll 2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe 2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll 2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll 2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe 2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll 2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll 2006-10-13 14:37 65536 --a------ C:\WINDOWS\system32\nwwks.dll 2006-10-13 14:37 64000 --a------ C:\WINDOWS\system32\nwapi32.dll 2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries 
are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "F-Secure Manager"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\Common\\FSM32.EXE\" /splash" "F-Secure TNB"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW" "F-Secure Startup Wizard"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\FSGUI\\FSSW.EXE\" /reboot" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "News Service"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\FSGUI\\ispnews.exe\"" "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\"" @="" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\ 6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00 "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe" "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "Win32"="c:\\documents and settings\\kamtek oy\\käynnistä-valikko\\ohjelmat\\käynnistys\\win32.exe" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 
"DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Nykyinen kotisivu" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "Microsoft Update"="wumgrd.exe" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "Microsoft Update"="wumgrd.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Acrobat Speed Launcher.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\Adobe Acrobat Speed Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1044-F000-BA7E-000000000002}\\SC_Acrobat.exe "
"item"="Adobe Acrobat Speed Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^F1U201.401.lnk]
"backup"="C:\\WINDOWS\\pss\\F1U201.401.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Belkin\\F1U201.401\\usbshare.exe "
"item"="F1U201.401"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^PVR Console.lnk]
"backup"="C:\\WINDOWS\\pss\\PVR Console.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\PVRHDS~1\\PVR_CO~1\\PVR2.exe "
"item"="PVR Console"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^PVRIIWatch.lnk]
"backup"="C:\\WINDOWS\\pss\\PVRIIWatch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\PVRHDS~1\\PVR_CO~1\\PVRWatch.exe "
"item"="PVRIIWatch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kamtek Oy^Käynnistä-valikko^Ohjelmat^Käynnistys^PVR Console.lnk]
"backup"="C:\\WINDOWS\\pss\\PVR Console.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\PVRHDS~1\\PVR_CO~1\\PVR2.exe "
"item"="PVR Console"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kamtek Oy^Käynnistä-valikko^Ohjelmat^Käynnistys^PVRIIWatch.lnk]
"backup"="C:\\WINDOWS\\pss\\PVRIIWatch.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\PVRHDS~1\\PVR_CO~1\\PVRWatch.exe "
"item"="PVRIIWatch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UrlLstCk"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SoundMAX Agent Service (default)"=dword:00000002
"Adobe LM Service"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled scanning task.job

Completion time: 06-12-29 7:36:54.62
C:\ComboFix.txt ... 06-12-29 07:36
And then... The machine had a "Backdoor" infection, which means you should change all passwords and usernames. If you have handled banking or Visa matters on this machine, you should contact your bank and your credit card company.

Run a new HJT scan: Do a System scan only. Close all other windows and the browser. Check these lines and press Fix checked:

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\RunServices: [Win32] c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\win32.exe
O4 - Startup: MSWINSCK.OCX
O4 - Startup: stub.exe
O4 - Startup: SYSINFO.OCX
O4 - Startup: Win32.dll
O4 - Startup: win32.exe

Download Killbox by Option^Explicit. Note: if you already have Killbox, this is a new version that you need to install. Remove the earlier one.

* Save it to your desktop.
* Double-click Killbox.exe to run the program.
* Select:
  * Delete on Reboot
  * then click the All Files option.
* Copy and paste the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\win32.exe
c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\MSWINSCK.OCX
c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\stub.exe
c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\SYSINFO.OCX
c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\Win32.dll

* Return to Killbox, go to the File menu, and choose Paste from Clipboard.
* Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let your helper know if one of these appears!).

Restart your computer yourself if it does not do so automatically.

If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.

First make a backup of the registry like this: Run -> regedit -> OK. Then File -> Export. Give it a name and then Save (and note where you saved it).

Then save the text below under the name fix.reg, for example in Notepad and for example to the desktop (save as type: All Files):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Win32"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Microsoft Update"=-

Double-click it and press Yes and OK. Restart the computer.

1. Click the Start button and choose Control Panel.
2. Choose "Folder Options".
3. Go to the "View" tab.
4. On the View tab, under Hidden files and folders, select "Show hidden files and folders".

Delete the following file --->wumgrd.exe<--- using the Windows Search function.

Go with your browser to --->Virustotal.com. At the top, press Browse and locate the following:

C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\Dotest.exe

and press Send. Note!!! Only 1 file at a time!!!!!!!

The scan takes a while; wait until the text "Finished" appears!! Copy the results into Notepad and then paste them here.

Post a new HJT log and the VirusTotal results.
My brain seems to be cutting out badly at this end, probably only the turn of the year on my mind, but which clipboard?

* Copy and paste the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Right, the day is getting to the point where I think we will continue next year; the viruses can surely wait. Happy New Year to everyone!!!
Hi! Try highlight --> copy --> and paste into Killbox. If that doesn't work, we will delete them in Safe Mode.

1. Click the Start button and choose Control Panel.
2. Choose "Folder Options".
3. Go to the "View" tab.
4. On the View tab, under Hidden files and folders, select "Show hidden files and folders".

* Start the computer.
* When you hear the computer beep, press F8, but before the Windows logo appears.
* A menu should appear next.
* Choose Safe Mode from the menu.

Locate and delete the following files:

c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\win32.exe
c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\MSWINSCK.OCX
c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\stub.exe
c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\SYSINFO.OCX
c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\Win32.dll

Delete the following file in Safe Mode --->wumgrd.exe<--- using the Windows Search function.

Restart the computer.

First make a backup of the registry like this: Run -> regedit -> OK. Then File -> Export. Give it a name and then Save (and note where you saved it).

Then save the text below under the name fix.reg, for example in Notepad and for example to the desktop (save as type: All Files):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Win32"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Microsoft Update"=-

Go with your browser to --->Virustotal.com. At the top, press Browse and locate the following:

C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\Dotest.exe

and press Send. Note!!! Only 1 file at a time!!!!!!!

The scan takes a while; wait until the text "Finished" appears!! Copy the results into Notepad and then paste them here.

Post a new HJT log and the VirusTotal results.
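A .reg file can be read before it is imported to see exactly which keys and values it will touch. The sketch below is an added example, not code from this thread: it parses the fix.reg text given in the two helper posts above and reports what the import would do; `parse_reg`, `summarize` and `SAMPLE_EXPORT` are hypothetical names and constructed input, and the list of autorun keys is an assumption limited to Run, RunOnce and RunServices.

```python
"""Summarise what a .reg file will do before it is imported (added example)."""
import re

# fix.reg exactly as given in the posts above.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Win32"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Microsoft Update"=-
'''

# Constructed sample (not from the thread): shapes a regedit export can contain.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Example]
@="default text"
"Path"="C:\\Tools\\example.exe"
"Flags"=dword:00000002
"Blob"=hex:01,02,\
  03,04

[-HKEY_CURRENT_USER\Software\Example\Old]
'''

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
# Assumption: only these autostart key tails are checked.
AUTORUN_TAILS = ("\\currentversion\\run", "\\currentversion\\runonce",
                 "\\currentversion\\runservices")


def _unquote(token):
    """Strip the surrounding quotes and undo .reg backslash escaping."""
    return re.sub(r"\\(.)", r"\1", token[1:-1])


def _logical_lines(text):
    """Yield stripped lines, joining data continued with a trailing backslash."""
    pending = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""
    if pending:
        yield pending


def _decode(data):
    """Convert the right-hand side of name=data into a Python value."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return _unquote(data)
    kind, _, payload = data.partition(":")
    if kind.lower() == "dword":
        return int(payload, 16)
    if kind.lower().startswith("hex"):
        return bytes(int(b, 16) for b in payload.split(",") if b.strip())
    raise ValueError(f"unsupported value data: {data!r}")


def parse_reg(text):
    """Return (action, key, value_name, data) tuples in file order.

    action is delete_key, delete_value or set_value.
    """
    ops, key, seen_header = [], None, False
    for line in _logical_lines(text):
        if not line or line.startswith(";"):
            continue
        if not seen_header:
            if line not in HEADERS:
                raise ValueError("missing .reg version header")
            seen_header = True
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):          # [-KEY] deletes the whole key
                ops.append(("delete_key", key[1:], None, None))
                key = None
            continue
        match = VALUE_RE.match(line)
        if not match or key is None:
            raise ValueError(f"unparseable line: {line!r}")
        name = "(Default)" if match.group(1) == "@" else _unquote(match.group(1))
        data = match.group(2)
        if data == "-":                      # "name"=- deletes one value
            ops.append(("delete_value", key, name, None))
        else:
            ops.append(("set_value", key, name, _decode(data)))
    return ops


def summarize(ops):
    """Condense parsed operations into the facts worth checking before import."""
    return {
        "delete_only": all(action != "set_value" for action, *_ in ops),
        "writes": sum(1 for action, *_ in ops if action == "set_value"),
        "autorun_deletes": [(key, name) for action, key, name, _ in ops
                            if action == "delete_value"
                            and key.lower().endswith(AUTORUN_TAILS)],
    }


if __name__ == "__main__":
    for label, text in (("fix.reg", FIX_REG), ("sample export", SAMPLE_EXPORT)):
        print(label, summarize(parse_reg(text)))
```

A file that only deletes a few named values and a full registry export look nothing alike in this summary, which makes it easy to confirm which of the two is about to be imported.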
Hello again, and everyday life begins. That wumgrd.exe file was not found. And the Registry Editor reports, with a red cross: Varmuuskopio.reg: cannot import. Not all data was successfully written to the registry. The system or some other process has keys open. Here are the HJT log and the VirusTotal log.

Logfile of HijackThis v1.99.1
Scan saved at 8:51:48, on 2.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\TranSmar\bin\TransmartService.exe
C:\TranSmar\bin\TransDaemon.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\HJT\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Muunna Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Muunna linkin kohde Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Muunna linkin kohde nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Muunna nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Muunna valinta Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Muunna valinta nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Muunna valitut linkit Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Muunna valitut linkit nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166172716328
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C87A3AD5-DE8E-4a2e-BF7B-D6BCD419DED1} (EnvivioTV MPEG-4 Source Filter) - http://www.envivio.tv/downloads/EnvivioTV/EnvivioTV-AutomaticInstaller.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TranSmart Server (TranSmartServer) - Unknown owner - C:\TranSmar\bin\TransmartService.exe

Complete scanning result of "msssc.dll", received in VirusTotal at 01.02.2007, 07:44:09 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.01.2007 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.01.2007 no virus found
BitDefender 7.2 01.02.2007 no virus found
CAT-QuickHeal 8.00 01.01.2007 no virus found
ClamAV devel-20060426 01.01.2007 no virus found
DrWeb 4.33 01.02.2007 no virus found
eSafe 7.0.14.0 01.01.2007 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3296 01.02.2007 no virus found
Ewido 4.0 01.01.2007 no virus found
Fortinet 2.82.0.0 01.02.2007 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 01.02.2007 no virus found
Kaspersky 4.0.2.24 01.02.2007 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.31.2006 no virus found
NOD32v2 1951 01.01.2007 no virus found
Norman 5.80.02 12.31.2007 no virus found
Panda 9.0.0.4 01.01.2007 no virus found
Prevx1 V2 01.02.2007 no virus found
Sophos 4.13.0 01.01.2007 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.141 01.01.2007 no virus found
VBA32 3.11.1 01.01.2007 no virus found
VirusBuster 4.3.19:9 01.01.2007 no virus found

Aditional Information
File size: 44 bytes
MD5: ac1a6784ffeebdf777bea86182e773dd
SHA1: f91fc12ce5e0a7be8d14a57c64b5155be35aff0d

Complete scanning result of "Dotest.exe", received in VirusTotal at 01.02.2007, 07:47:38 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.01.2007 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.01.2007 no virus found
BitDefender 7.2 01.02.2007 no virus found
CAT-QuickHeal 8.00 01.01.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 01.01.2007 no virus found
DrWeb 4.33 01.02.2007 no virus found
eSafe 7.0.14.0 01.01.2007 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3296 01.02.2007 no virus found
Ewido 4.0 01.01.2007 no virus found
Fortinet 2.82.0.0 01.02.2007 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 01.02.2007 no virus found
Kaspersky 4.0.2.24 01.02.2007 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.31.2006 no virus found
NOD32v2 1951 01.01.2007 no virus found
Norman 5.80.02 12.31.2007 no virus found
Panda 9.0.0.4 01.01.2007 no virus found
Prevx1 V2 01.02.2007 no virus found
Sophos 4.13.0 01.01.2007 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.141 01.01.2007 no virus found
VBA32 3.11.1 01.01.2007 no virus found
VirusBuster 4.3.19:9 01.01.2007 no virus found

Aditional Information
File size: 335360 bytes
MD5: 586775e6be956f6820f0c8677a28afa5
SHA1: 2dbcb0b47c3ea885c97561ddaa6052b10d54e6d8
packers: PECOMPACT
packers: PECompact
Hi! The files that were checked on VirusTotal are OK! Did you install the TranSmart program on the machine yourself???

F-Secure may have blocked the registry fix. Shut down F-Secure and try the registry fix again.

Run a new HJT scan: Do a System scan only. Close all other windows and the browser. Check these lines and press Fix checked:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

* Download Dr.Web CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
* Double-click drweb-cureit.exe and let it run the express scan.
* It scans the running programs, and if something is found, click Yes when it asks whether you want to remove it. This is only a short scan.
* When the scan is finished, mark the drives you want to scan.
* Select all drives. A red dot shows which drives are selected.
* Click the green arrow on the right and the scan starts.
* Click 'Yes to all' if you are asked whether you want to delete/move a file.
* When the scan is finished, see whether you can click the next icon beside the files that were found:
* If so, click it, then click the next icon at the bottom right and choose Move incurable, as in the picture below: This moves it to the %userprofile%\DoctorWeb\quarantine directory.
* After this, click File in the Dr.Web CureIt menu and choose Save report list.
* Save the report to the desktop. The report is named DrWeb.csv.
* Close Dr.Web CureIt.
* Restart the computer!! This is because files that are in use are deleted/moved during startup.
* After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.

Also post a new HJT log and the DrWeb log.
Hi, Transmart is a translation program I installed myself for Word and apparently for other word processors too, and it is completely useless. And then one small problem: how do I shut down F-Secure?
Hi! I'm not that familiar with F-Secure, but try right-clicking the F-Secure logo in the taskbar and choosing Exit or Shut down. If that doesn't work, do the registry fix in Safe Mode.

And then the DrWeb scan + log.
I couldn't shut down F-Secure, so I then tried in Safe Mode, but the same message comes up every time. I wonder whether I have understood the registry change correctly: I have saved a backup of the registry (under the name varmuuskopio) in My Documents and copied the registry snippet you gave into Notepad and saved it on the desktop as fix.reg. And then by double-clicking the backup this should work?

By the way, I just noticed that the sound has disappeared; when I watch a video clip there is no sound. Yesterday there still was. Hmmm.
Yes, exactly right (and the save type is All Files).

It really shouldn't affect the sound; check the sound settings.

And the Dr.Web log?
Hi again. So the sound is gone and I can't get it back, but let's look at this virus business first (I still haven't managed to do the registry change). And here are the logs:

=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-01-05, 07:27:18 [TOIMISTO][Kamtek Oy]
Command-line: "C:\DOCUME~1\KAMTEK~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 165726
Key file: C:\DOCUME~1\KAMTEK~1\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------
[Scan path] c:\documents and settings\all users\käynnistä-valikko\ohjelmat\käynnistys\adobe acrobat speed launcher.lnk
[Scan path] c:\documents and settings\all users\käynnistä-valikko\ohjelmat\käynnistys\desktop.ini
[Scan path] c:\documents and settings\kamtek oy\käynnistä-valikko\ohjelmat\käynnistys\desktop.ini
[Scan path] c:\documents and settings\kamtek oy\local settings\temp\rarsfx0\_start.exe
[Scan path] c:\documents and settings\kamtek oy\local settings\temp\rarsfx0\cureit.exe
[Scan path] c:\documents and settings\kamtek oy\työpöytä\drweb-cureit.exe
[Scan path] c:\program files\adobe\acrobat 7.0\acrobat elements\contextmenu.dll
[Scan path] c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll
[Scan path] c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
[Scan path] c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
[Scan path] c:\program files\adobe\acrobat 7.0\distillr\acrotray.exe
[Scan path] c:\program files\analog devices\soundmax\smagent.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 331
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 5468 Kb/s
Scan time: 00:00:17
-----------------------------------------------------------------------------
[Scan path] C:\
C:\Documents and Settings\Kamtek Oy\NTUSER.DAT - read error
C:\Documents and Settings\Kamtek Oy\NTUSER~1.LOG - read error
C:\Documents and Settings\Kamtek Oy\Application Data\Mozilla\Firefox\Profiles\kveui9zl.default\PARENT~1.LOC - read error
C:\Documents and Settings\Kamtek Oy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Kamtek Oy\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\LocalService\NTUSER.DAT - read error
C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\chandir.dat - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\chandir.idx - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\chn.dat - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\chn.idx - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\D0000000.FCS - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\L0000072.FCS - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\prs.dat - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\prs.idx - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\prs_die.dat - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\prs_die.idx - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\prs_dnd.dat - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\prs_dnd.idx - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\prs_ext.dat - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\prs_ext.idx - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\prs_rcv.dat - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\prs_rcv.idx - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\storydb.dat - read error
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Users\Default\Data\storydb.idx - read error
C:\Program Files\Elisa Tietoturvapalvelu\Common\admin.pub - read error
C:\Program Files\Elisa Tietoturvapalvelu\Common\policy.ipf - read error
>C:\Program Files\WinRAR\Dos.SFXC:\WINDOWS\TempFile - read error
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error
[Scan path] F:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 105493
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 128 Kb/s
Scan time: 01:11:36
-----------------------------------------------------------------------------
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 105824
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 149 Kb/s
Scan time: 01:11:53
=============================================================================
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-01-05, 08:45:38 [TOIMISTO][Kamtek Oy]
Command-line: "C:\DOCUME~1\KAMTEK~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 165726
Key file: C:\DOCUME~1\KAMTEK~1\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 332
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 4563 Kb/s
Scan time: 00:00:22
-----------------------------------------------------------------------------
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 332
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 4563 Kb/s
Scan time: 00:00:22
=============================================================================
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-01-05, 08:55:20 [TOIMISTO][Kamtek Oy]
Command-line: "C:\DOCUME~1\KAMTEK~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 165726
Key file: C:\DOCUME~1\KAMTEK~1\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------
[Scan path] c:\windows\system32\drivers\psched.sys [Scan path] c:\windows\system32\drivers\ptilink.sys [Scan path] c:\windows\system32\drivers\rasacd.sys [Scan path] c:\windows\system32\drivers\rasl2tp.sys [Scan path] c:\windows\system32\drivers\raspppoe.sys [Scan path] c:\windows\system32\drivers\raspptp.sys [Scan path] c:\windows\system32\drivers\raspti.sys [Scan path] c:\windows\system32\drivers\rdbss.sys [Scan path] c:\windows\system32\drivers\rdpcdd.sys [Scan path] c:\windows\system32\drivers\rdpdr.sys [Scan path] c:\windows\system32\drivers\redbook.sys [Scan path] c:\windows\system32\drivers\scsiport.sys [Scan path] c:\windows\system32\drivers\secdrv.sys [Scan path] c:\windows\system32\drivers\serenum.sys [Scan path] c:\windows\system32\drivers\serial.sys [Scan path] c:\windows\system32\drivers\slip.sys [Scan path] c:\windows\system32\drivers\smwdm.sys [Scan path] c:\windows\system32\drivers\sonypvu1.sys [Scan path] c:\windows\system32\drivers\splitter.sys [Scan path] c:\windows\system32\drivers\sr.sys [Scan path] c:\windows\system32\drivers\srv.sys [Scan path] c:\windows\system32\drivers\streamip.sys [Scan path] c:\windows\system32\drivers\swenum.sys [Scan path] c:\windows\system32\drivers\swmidi.sys [Scan path] c:\windows\system32\drivers\sysaudio.sys [Scan path] c:\windows\system32\drivers\tcpip.sys [Scan path] c:\windows\system32\drivers\termdd.sys [Scan path] c:\windows\system32\drivers\update.sys [Scan path] c:\windows\system32\drivers\usbdvr2n.sys [Scan path] c:\windows\system32\drivers\usbehci.sys [Scan path] c:\windows\system32\drivers\usbhub.sys [Scan path] c:\windows\system32\drivers\usbprint.sys [Scan path] c:\windows\system32\drivers\usbstor.sys [Scan path] c:\windows\system32\drivers\usbuhci.sys [Scan path] c:\windows\system32\drivers\vga.sys [Scan path] c:\windows\system32\drivers\viaagp1.sys [Scan path] c:\windows\system32\drivers\viaide.sys [Scan path] c:\windows\system32\drivers\wanarp.sys [Scan path] c:\windows\system32\drivers\wdmaud.sys 
[Scan path] c:\windows\system32\drivers\wpdusb.sys [Scan path] c:\windows\system32\drivers\wstcodec.sys [Scan path] c:\windows\system32\dskquoui.dll [Scan path] c:\windows\system32\dsquery.dll [Scan path] c:\windows\system32\dssec.dll [Scan path] c:\windows\system32\dsuiext.dll [Scan path] c:\windows\system32\dumprep.exe [Scan path] c:\windows\system32\e_sl2375.dll [Scan path] c:\windows\system32\extmgr.dll [Scan path] c:\windows\system32\fontext.dll [Scan path] c:\windows\system32\gdi32.dll [Scan path] c:\windows\system32\hticons.dll [Scan path] c:\windows\system32\icmui.dll [Scan path] c:\windows\system32\ie4uinit.exe [Scan path] c:\windows\system32\iedkcs32.dll [Scan path] c:\windows\system32\ieframe.dll [Scan path] c:\windows\system32\ieudinit.exe [Scan path] c:\windows\system32\imagehlp.dll [Scan path] c:\windows\system32\imapi.exe [Scan path] c:\windows\system32\inetcomm.dll [Scan path] c:\windows\system32\itss.dll [Scan path] c:\windows\system32\kerberos.dll [Scan path] c:\windows\system32\kernel32.dll [Scan path] c:\windows\system32\localspl.dll [Scan path] c:\windows\system32\locator.exe [Scan path] c:\windows\system32\logonui.exe [Scan path] c:\windows\system32\lsass.exe [Scan path] c:\windows\system32\lz32.dll [Scan path] c:\windows\system32\mmcshext.dll [Scan path] c:\windows\system32\mmsys.cpl [Scan path] c:\windows\system32\mnmsrvc.exe [Scan path] c:\windows\system32\mscoree.dll [Scan path] c:\windows\system32\mscories.dll [Scan path] c:\windows\system32\msdtc.exe [Scan path] c:\windows\system32\mshtml.dll [Scan path] c:\windows\system32\msieftp.dll [Scan path] c:\windows\system32\msiexec.exe [Scan path] c:\windows\system32\mstask.dll [Scan path] c:\windows\system32\msv1_0.dll [Scan path] c:\windows\system32\msvidctl.dll [Scan path] c:\windows\system32\mswsock.dll [Scan path] c:\windows\system32\mydocs.dll [Scan path] c:\windows\system32\netdde.exe [Scan path] c:\windows\system32\netplwiz.dll [Scan path] c:\windows\system32\netshell.dll [Scan path] 
c:\windows\system32\ntlanui2.dll [Scan path] c:\windows\system32\ntsd.exe [Scan path] c:\windows\system32\ntshrui.dll [Scan path] c:\windows\system32\ntsim.sys [Scan path] c:\windows\system32\nvcpl.dll [Scan path] c:\windows\system32\nvshell.dll [Scan path] c:\windows\system32\nvsvc32.exe [Scan path] c:\windows\system32\occache.dll [Scan path] c:\windows\system32\ole32.dll [Scan path] c:\windows\system32\oleaut32.dll [Scan path] c:\windows\system32\olecli32.dll [Scan path] c:\windows\system32\olecnv32.dll [Scan path] c:\windows\system32\olesvr32.dll [Scan path] c:\windows\system32\olethk32.dll [Scan path] c:\windows\system32\photowiz.dll [Scan path] c:\windows\system32\pjlmon.dll [Scan path] c:\windows\system32\printui.dll [Scan path] c:\windows\system32\regsvr32.exe [Scan path] c:\windows\system32\remotepg.dll [Scan path] c:\windows\system32\rpcrt4.dll [Scan path] c:\windows\system32\rpcss.dll [Scan path] c:\windows\system32\rshx32.dll [Scan path] c:\windows\system32\rsvp.exe [Scan path] c:\windows\system32\rsvpsp.dll [Scan path] c:\windows\system32\rundll32.exe [Scan path] c:\windows\system32\scardsvr.exe [Scan path] c:\windows\system32\scecli.dll [Scan path] c:\windows\system32\schannel.dll [Scan path] c:\windows\system32\sclgntfy.dll [Scan path] c:\windows\system32\sendmail.dll [Scan path] c:\windows\system32\services.exe [Scan path] c:\windows\system32\sessmgr.exe [Scan path] c:\windows\system32\shdocvw.dll [Scan path] c:\windows\system32\shell32.dll [Scan path] c:\windows\system32\shimgvw.dll [Scan path] c:\windows\system32\shmedia.dll [Scan path] c:\windows\system32\shmgrate.exe [Scan path] c:\windows\system32\shscrap.dll [Scan path] c:\windows\system32\slayerxp.dll [Scan path] c:\windows\system32\smlogsvc.exe [Scan path] c:\windows\system32\smss.exe [Scan path] c:\windows\system32\spool\drivers\w32x86\3\e_srcv03.exe [Scan path] c:\windows\system32\spoolsv.exe [Scan path] c:\windows\system32\stobject.dll [Scan path] c:\windows\system32\svchost.exe [Scan 
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 331
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 4225 Kb/s
Scan time: 00:00:22
-----------------------------------------------------------------------------
[Scan path] C:\
[Scan path] F:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 105698
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 136 Kb/s
Scan time: 01:09:39
-----------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:16:14, on 5.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\TranSmar\bin\TransmartService.exe
C:\TranSmar\bin\TransDaemon.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Muunna Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Muunna linkin kohde Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Muunna linkin kohde nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Muunna nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Muunna valinta Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Muunna valinta nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Muunna valitut linkit Adobe PDF -muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Muunna valitut linkit nykyiseen PDF-muotoon - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166172716328
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C87A3AD5-DE8E-4a2e-BF7B-D6BCD419DED1} (EnvivioTV MPEG-4 Source Filter) - http://www.envivio.tv/downloads/EnvivioTV/EnvivioTV-AutomaticInstaller.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TranSmart Server (TranSmartServer) - Unknown owner - C:\TranSmar\bin\TransmartService.exe
Hi! The logs are OK. Check the sound settings: Control Panel ---> Sounds and Audio Devices, and see that the right boxes are ticked. And if you watch movies through some player, check the player's sound settings as well.
So do you mean that the viruses have been destroyed from this machine? Thank you very much for the help and guidance!!! Yes, I tried from the Control Panel, but it reports that there is no audio device. The only thing found there is a MIDI playback device, nothing else. I guess I'll have to reinstall the devices from the original disc.