Firefox alkaa toisinaan yht'äkkiä olemaan huolimatta osoiteriville kirjoitettua www-osoitetta. Sen sijaan alkaa rullaamaan kursoria vasemmalta oikealle. Jos samalla menee valitsemaan jotakin ylävalikosta (File, Edit jne.), niin sama rullaus käynnistyy sielläkin. Konetta ei voi sammuttaa muuten kuin virtanäppäimellä. Pöpöjä tarkasteltu usealla ohjelmalla useaan kertaan, mutta ei löydy. Ohessa HijackThis-loki. Löytyisikö sieltä jotakin ylimääräistä. /JK Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:10:26, on 9.2.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SYSTEM32\astsrv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgfws8.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Samsung\EmoDio\SMSTray.exe C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\MSI\Live Update 3\LMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe C:\Program Files\DynDNS Updater\DynUpPs.exe C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\DynDNS Updater\DynTray.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ulvila.fi R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ulvila.fi R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [MSI Live] C:\Program Files\MSI\MSI Live\SetWallpaper.exe O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe O4 - Global Startup: DynDNS Updater.lnk = C:\Program Files\DynDNS Updater\DynUpPs.exe O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O4 - Global Startup: SATARaid.lnk = ? O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing) O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- End of file - 11992 bytes
Aveg8 ja nortonia koneella mikäs on käytöss ============ Lataa Malwarebytes' Anti-Malware työpöydällesi. 1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman. 2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish. 3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version. 4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan. 5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset. 6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected. 7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt 8. Lähetä lokin sisältö seuraavassa viestissäsi
Alla loki. Saastaa ei löytynty. /JK Malwarebytes' Anti-Malware 1.33 Tietokantaversio: 1743 Windows 5.1.2600 Service Pack 3 10.2.2009 17:59:48 mbam-log-2009-02-10 (17-59-48).txt Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|M:\|Q:\|R:\|) Tarkistetut kohteet: 160260 Kulunut aika: 1 hour(s), 7 minute(s), 35 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 0 Saastuneita rekisteriarvoja: 0 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 0 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty) Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty) Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: (Haitallisia kohteita ei löydetty)
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi. Käynnistä koneesi vikasietotilaan: sammuta ja käynnistä käynnistyksen yhteydessä hakkaa F8 nappia valitse nuolinäppäimellä vikasietotila paina enter ja enter valitse käyttäjätilisi paina kyllä Jossakin koneissa hakataan F8:sin sijasta F5:tä " Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix. " Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman. " Paina Y käynnistääksesi skriptin. " Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot". " Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen. " Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta. " Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished". " Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle. " Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
Alla loki ja raportti /JK HJT-loki Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:31:30, on 10.2.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SYSTEM32\astsrv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgfws8.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Samsung\EmoDio\SMSTray.exe C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\MSI\Live Update 3\LMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\DynDNS Updater\DynUpPs.exe C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\DynDNS Updater\DynTray.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\SpamEater Pro 4\SpamEaterPro.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ulvila.fi R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ulvila.fi R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [MSI Live] C:\Program Files\MSI\MSI Live\SetWallpaper.exe O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe O4 - Global Startup: DynDNS Updater.lnk = C:\Program Files\DynDNS Updater\DynUpPs.exe O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O4 - Global Startup: SATARaid.lnk = ? O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing) O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- End of file - 12272 bytes SDFix-report SDFix: Version 1.240 Run by Administrator on ti 10.02.2009 at 19:14 Microsoft Windows XP [Version 5.1.2600] Running From: C:\Documents and Settings\Administrator\Desktop\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : C:\WINDOWS :7ADEA7052AF347F3 48 :AstInfo 0 Total size: 48 bytes. WINDOWS: The process cannot access the file because it is being used by another process. Checking for remaining Streams C:\WINDOWS :AstInfo 0 Total size: 0 bytes. Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-10 19:25:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF4D3603-C7B4-A268-158F-FC562EE69141}] "hadechhpamhmehba"=hex:6f,61,6c,67,6b,64,70,65,6b,63,66,63,66,70,67,63,6e,67,6f,62,6c,.. "jagepgpknkaappeolgio"=hex:64,62,70,63,6e,6f,62,67,6b,62,65,69,69,70,67,68,6d,70,65,6b,6f,.. scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"="C:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe:*:Enabled:iView Multimedia" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe" "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe" "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe" "C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player" "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit" "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" "C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"="C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe:*:Enabled:Mozilla Thunderbird" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player" "C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4" "C:\\Program Files\\Kjaeruff1\\PVRManager\\PVRManager.exe"="C:\\Program Files\\Kjaeruff1\\PVRManager\\PVRManager.exe:*:EnabledVR Manager" "C:\\Program Files\\kjaerulff1\\PVRManager\\PVRManager.exe"="C:\\Program Files\\kjaerulff1\\PVRManager\\PVRManager.exe:*:EnabledVR Manager" "C:\\Program Files\\kjaerulff1\\PVRManager\\MFServer.exe"="C:\\Program Files\\kjaerulff1\\PVRManager\\MFServer.exe:*:Enabled:MediaShare" "C:\\Program Files\\BUFFALO\\AirStation\\ecset\\ecset.exe"="C:\\Program Files\\BUFFALO\\AirStation\\ecset\\ecset.exe:*:Enabled:Ethernet Converter Manager" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" Remaining Files : Files with Hidden Attributes : Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll" Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll" Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll" Sun 16 Mar 2008 216,064 ..SHR --- "C:\WINDOWS\system32\nbDX.dll" Mon 4 Oct 2004 417,792 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe" Tue 11 May 2004 61,440 A..H. --- "C:\Program Files\Canon\Canon Setup Utility 2.3\uinstrsc.dll" Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll" Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll" Fri 26 Sep 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe" Tue 2 Oct 2007 16,384 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll" Sun 18 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll" Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll" Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll" Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll" Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll" Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll" Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll" Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll" Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll" Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll" Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll" Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll" Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll" Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll" Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll" Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll" Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll" Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll" Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll" Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll" Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll" Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll" Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe" Wed 7 Jan 2009 616,448 A.SH. --- "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\f8rbgkrh.TMP" Finished!
scannaa hjt:llä merkkaa paina Fix checked R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing) O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,77,65,62,5c,72,65,6c-,61,74,65,64,2e,68,74,6d,00 (file missing) ================ Lataa ja suorita Norton-poistotyökalu =============== 1.Lataa Combofix.exe työpöydällesi yhdestä linkistä: Combofix1 Combofix2 älä asenna palautus consolia 2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia. 3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi. Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Alla ComboFix-loki /JK ComboFix 09-02-10.03 - Administrator 2009-02-11 17:43:02.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1403 [GMT 2:00] Sijainti: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) FW: AVG Firewall *enabled* * Uusi palautuspiste luotu VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !! . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\Application Data\inst.exe . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-11 to 2009-02-11 ))))))))))))))))) . 2009-02-10 19:13 . 2009-02-10 19:13 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-02-10 19:09 . 2009-02-10 19:10 <DIR> d-------- c:\windows\ERUNT 2009-02-09 21:57 . 2009-02-09 21:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-02-09 21:56 . 2009-02-09 21:56 <DIR> d-------- c:\program files\SUPERAntiSpyware 2009-02-09 21:56 . 2009-02-09 21:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2009-02-03 17:53 . 2009-02-03 17:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-03 17:53 . 2009-02-03 17:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-03 17:53 . 2009-02-03 17:53 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-02-03 17:53 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-03 17:53 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-02 18:12 . 2009-02-02 18:12 0 --a------ c:\windows\CleaningLab.INI 2009-02-02 18:10 . 2009-02-02 18:11 <DIR> d-------- c:\program files\MAGIX 2009-02-02 18:10 . 2009-02-02 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\MAGIX 2009-02-02 18:09 . 2009-02-02 18:11 <DIR> d-------- c:\windows\system32\MAGIX 2009-02-02 18:09 . 2008-04-15 16:14 700,416 --a------ c:\windows\system32\mgxoschk.dll 2009-02-02 18:09 . 2009-02-02 18:11 5,937 --a------ c:\windows\mgxoschk.ini 2009-01-30 01:02 . 2009-01-30 01:02 103,488 --a------ c:\windows\system32\drivers\AnyDVD.sys 2009-01-30 00:57 . 2009-01-30 00:57 23,976 --a------ c:\windows\system32\drivers\ElbyCDIO.sys 2009-01-29 23:54 . 2009-01-29 23:54 89,256 --a------ c:\windows\system32\ElbyCDIO.dll 2009-01-29 20:21 . 2009-01-29 20:21 <DIR> d-------- c:\program files\Common Files\onOne Software Shared 2009-01-29 20:21 . 2005-08-21 15:57 227,840 --a------ c:\windows\system32\Deco_32.dll 2009-01-29 19:03 . 2009-02-11 16:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\nView_Wallpaper 2009-01-29 18:47 . 2009-01-29 18:47 0 --a------ c:\windows\msicpl.ini 2009-01-28 22:02 . 2009-01-29 20:21 <DIR> d-------- c:\program files\onOne Software 2009-01-28 22:02 . 2009-01-28 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\onOne Software 2009-01-28 22:02 . 2009-01-29 20:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\onOne Software 2009-01-28 22:02 . 2008-11-10 12:08 57,344 --a------ c:\windows\system32\ASTSRV.EXE 2009-01-27 21:42 . 2009-01-27 21:43 <DIR> d-------- c:\program files\Vuescan 2009-01-27 21:20 . 2009-01-28 18:44 <DIR> d-------- C:\VueScan 2009-01-25 17:21 . 2009-01-27 21:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire 2009-01-25 17:20 . 2009-01-25 17:20 <DIR> d-------- c:\program files\LimeWire 2009-01-23 16:04 . 2009-01-23 16:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Search 2009-01-22 23:02 . 2009-01-22 23:07 <DIR> d-------- c:\program files\RegCure 2009-01-20 21:05 . 2009-01-30 20:21 15,688 --a------ c:\windows\system32\lsdelete.exe 2009-01-20 20:21 . 2009-01-20 20:20 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-01-20 20:13 . 2009-01-20 20:13 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-01-18 21:24 . 2009-01-18 21:24 <DIR> d-------- c:\program files\Windows Defender 2009-01-15 19:27 . 2009-01-21 19:30 54,156 --ah----- c:\windows\QTFont.qfn 2009-01-15 19:27 . 2009-01-15 19:27 1,409 --a------ c:\windows\QTFont.for . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-11 15:31 --------- d-----w c:\documents and settings\Administrator\Application Data\Orbit 2009-02-11 15:06 --------- d-----w c:\program files\SpamEater Pro 4 2009-02-11 15:05 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-10 19:15 --------- d-----w c:\program files\Mozilla Thunderbird 2009-02-09 19:56 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-02-08 13:35 --------- d-----w c:\program files\Orbitdownloader 2009-02-06 18:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-06 18:41 --------- d-----w c:\program files\SpywareBlaster 2009-02-06 16:34 --------- d-----w c:\program files\a-squared Free 2009-01-31 10:11 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent 2009-01-29 18:21 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-29 16:42 --------- d-----w c:\program files\MSI 2009-01-27 19:43 --------- d-----w c:\program files\Vuescan 2009-01-24 12:54 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-20 18:12 --------- d-----w c:\program files\Lavasoft 2009-01-18 17:48 --------- d-----w c:\program files\CCleaner 2009-01-15 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-01-15 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8 2009-01-15 15:06 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-01-15 15:06 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys 2009-01-15 15:06 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-01-15 15:06 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2009-01-09 15:39 --------- d-----w c:\program files\MRecord 2009-01-07 17:22 --------- d-----w c:\program files\BUFFALO 2009-01-07 15:21 --------- d-----w c:\program files\MMTaskbar 2009-01-07 15:18 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles 2009-01-05 15:42 --------- d-----w c:\program files\DynDNS Updater 2009-01-05 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\DynDNS 2008-12-30 19:17 --------- d-----w c:\program files\kjaerulff1 2008-12-30 18:50 --------- d-----w c:\program files\Kjaeruff1 2008-12-26 16:04 --------- d-----w c:\documents and settings\Administrator\Application Data\SlySoft 2008-12-26 15:25 --------- d-----w c:\program files\PowerISO 2008-12-26 14:31 --------- d-----w c:\program files\DVDFab 5 2008-12-26 14:30 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2008-12-26 14:30 47,360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys 2008-12-26 14:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Vso 2008-12-26 14:05 --------- d-----w c:\program files\ImgBurn 2008-12-23 14:19 --------- d-----w c:\program files\Common Files\Adobe 2008-12-18 20:24 --------- d-----w c:\documents and settings\Administrator\Application Data\Digital Support 2008-12-18 20:23 --------- d-----w c:\program files\Digital Support 2008-12-18 19:09 --------- d-----w c:\documents and settings\Administrator\Application Data\Uniblue 2008-12-14 14:02 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-14 14:02 --------- d-----w c:\program files\Java 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2007-11-27 18:15 2,148,360 ----a-w c:\documents and settings\Administrator\TRACE_HIBERNATE_1_1.BIN 2005-09-09 16:55 7,155,864 ----a-w c:\program files\NGhost10.msi 2005-09-09 16:55 37,766,164 ----a-w c:\program files\Data1.cab 2005-09-09 16:55 35 ----a-w c:\program files\SCSSDist.ini 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll 2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll 2008-08-27 17:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-30 2542528] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-29 509784] "SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2008-09-17 484880] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920] "MSI Live"="c:\program files\MSI\MSI Live\SetWallpaper.exe" [2005-11-10 212992] "LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2008-04-30 498176] c:\documents and settings\All Users\Start Menu\Programs\Startup\ DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-01-07 192512] DynDNS Updater.lnk - c:\program files\DynDNS Updater\DynUpPs.exe [2008-06-23 94208] EPSON SMART PANEL for Scanner.lnk - c:\program files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe [2007-11-19 180224] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-20 692224] Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-10-05 1711304] SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2007-11-18 1019961] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-15 17:06 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2005-09-25 19:11 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] --a------ 2004-01-14 03:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2005-09-25 19:11 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-11-02 10:38 167936 c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] --a------ 2007-04-11 15:32 56080 c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "a2free"=2 (0x2) "Bonjour Service"=2 (0x2) "FLEXnet Licensing Service"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Kjaeruff1\\PVRManager\\PVRManager.exe"= "c:\\Program Files\\kjaerulff1\\PVRManager\\PVRManager.exe"= "c:\\Program Files\\kjaerulff1\\PVRManager\\MFServer.exe"= "c:\\Program Files\\BUFFALO\\AirStation\\ecset\\ecset.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-07-15 12552] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 64160] R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2006-12-26 97408] R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2006-12-26 10240] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-15 325128] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-15 107272] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-15 903960] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-15 298264] R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-15 1339600] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-07-15 29208] R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2009-01-07 28160] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408] S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [2007-11-18 4224] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-07-15 29208] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-06-19 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-06-19 8320] S3 TFBULK;Topfield USB client driver;c:\windows\system32\drivers\TfBulk.sys [2003-08-26 41996] . 'Ajoitetut tehtävät'-kansion sisältö 2009-02-10 c:\windows\Tasks\Ad-Aware Update (Daily).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-30 20:21] 2009-02-11 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] 2009-02-11 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2008-11-27 20:55] 2009-01-22 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2008-11-27 20:55] . - - - - POISTETUT JÄMÄRIVIT - - - - HKCU-Run-AdobeBridge - (no file) HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll MSConfigStartUp-Norton Ghost 10 - c:\program files\Norton Ghost\Agent\GhostTray.exe . ------- Täydentävä tarkistus ------- . uStart Page = hxxp://www.ulvila.fi mStart Page = hxxp://www.ulvila.fi uInternet Settings,ProxyOverride = *.local IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftq6vobq.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.ulvila.fi FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll ---- FIREFOXIN KÄYTÄNNÖT ---- FF - user.js: network.http.pipelining - false FF - user.js: browser.search.suggest.enabled - true FF - user.js: network.http.proxy.pipelining - false FF - user.js: network.http.pipelining - false FF - user.js: browser.search.suggest.enabled - true FF - user.js: network.http.proxy.pipelining - false. ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-11 17:44:56 Windows 5.1.2600 Service Pack 3 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . --------------------- LUKITUT REKISTERIAVAIMET --------------------- [HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF4D3603-C7B4-A268-158F-FC562EE69141}*] "hadechhpamhmehba"=hex:6f,61,6c,67,6b,64,70,65,6b,63,66,63,66,70,67,63,6e,67, 6f,62,6c,65,6e,65,6e,6f,66,6f,6a,6c,00,00 "jagepgpknkaappeolgio"=hex:64,62,70,63,6e,6f,62,67,6b,62,65,69,69,70,67,68,6d, 70,65,6b,6f,69,64,64,64,61,63,65,6a,62,6f,6d,70,64,66,62,6d,65,6a,70,00,00 . --------------------- Prosesseihin ladatut DLLt --------------------- - - - - - - - > 'winlogon.exe'(2000) c:\program files\SUPERAntiSpyware\SASWINLO.dll . Valmistumisajankohta: 2009-02-11 17:46:34 ComboFix-quarantined-files.txt 2009-02-11 15:46:32 Ennen ajoa: 47 553 081 344 bytes free Ajon jälkeen: 47,564,398,592 bytes free 287 --- E O F --- 2009-02-09 15:20:07
scannaa uusi hjt:n loki Luo poistolista: • Avaa HiJackThis • Klikkaa "Configure" valintaa oikealla alhaalla • Klikkaa "Misc Tools" • Klikkaa boxia joka sanoo "Uninstall Manager" • Klikkaa valintaa "Save list" • Kopioi ja liitä kyseinen lista muistiosta ketjuusi
Alla Uninstall-loki /JK 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 7-Zip 4.42 ABITEQ Ad-Aware Ad-Aware Adobe Anchor Service CS3 Adobe Anchor Service CS4 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge CS4 Adobe Bridge Start Meeting Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color Common Settings Adobe Color Common Settings Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe ExtendScript Toolkit 2 Adobe ExtendScript Toolkit CS4 Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe Linguistics CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS3 Adobe Photoshop CS3 Adobe Photoshop CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Photoshop Lightroom 2 Adobe Reader 8.1.3 Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Setup Adobe Setup Adobe Setup Adobe Setup Adobe Stock Photos CS3 Adobe Type Support CS4 Adobe Update Manager CS3 Adobe Update Manager CS4 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Advanced WindowsCare Personal AnyDVD a-squared Free 3.0 AVG 8.0 BUFFALO Ethernet Converter Manager Bullzip PDF Printer 6.0.0.695 Canon iP4300 Canon iP4300 -käyttäjän rekisteröinti Canon PhotoRecord Canon Setup Utility 2.3 Canon Utilities Easy-PrintToolBox CCleaner (remove only) CDDRV_Installer CD-LabelPrint CloneDVD2 CloneDVDmobile Connect DVD Flick DVD Shrink 3.2 DVDAuthorGUI (remove only) DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.0 DynDNS Updater Easy CD-DA Extractor 11 Easy-WebPrint EmoDio EmoDio EPSON SMART PANEL for Scanner EPSON TWAIN 5 FlashMenu FocalPoint 1.0.2 Garmin City Navigator Europe NT 2008 Update Garmin POI Loader Garmin WebUpdater Genuine Fractals 5.0 GPL Ghostscript Lite 8.61 Hardware sensors monitor 4.4 HD Tune 2.54 HDD Health v3.3 Beta HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB952287) IKEA Home Planner IMatch 3.6 ImgBurn Intel(R) PRO Network Adapters and Drivers IrfanView (remove only) J2SE Runtime Environment 5.0 Update 6 Java(TM) 6 Update 11 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 7 KhalInstallWrapper kuler Lightroom Logitech SetPoint Magic DVD Ripper V4.3.1 MAGIX Audio Cleaning Lab 14 Trial 9.0.2.0 (US) MAGIX Screenshare 4.3.6.1987 (US) Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft Baseline Security Analyzer 2.1 Microsoft Bootvis Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Expression Media 1.0 SP1 Microsoft Expression Web Microsoft Expression Web MUI (English) Microsoft Expression Web Service Pack 1 (SP1) Microsoft Expression Web Service Pack 1 (SP1) Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft User-Mode Driver Framework Feature Pack 1.5 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.0.6) Mozilla Thunderbird (2.0.0.19) MSVC80_x86 MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB933579) MyFreeCodec Nero 7 Ultra Edition Nokia Connectivity Cable Driver Nokia Flashing Cable Driver Nokia Map Loader Nokia PC Suite Nokia PC Suite Nokia Software Updater NVIDIA Drivers Orbit Downloader PC Connectivity Solution PC Fixer PDF Settings CS4 Photo Sorter 1.2.0.68 Photoshop Camera Raw PoiEdit PowerISO PowerQuest PartitionMagic 8.0 PVRManager QuickTime Alternative 1.81 Realtek AC'97 Audio RegCure 1.5.1.3 SATARaid SDP Downloader SeaTools for Windows Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB958439) Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Visio 2007 (KB947590) SpamEater Pro 4 Spelling Dictionaries Support For Adobe Reader 8 Spybot - Search & Destroy SpywareBlaster 4.1 Suite Shared Configuration CS4 SUPER © Version 2008.bld.33 (Sep 2, 2008) SUPERAntiSpyware Free Edition SyncBack Topfield Windows Applications Update for Microsoft Office 2007 Help for Common Features (KB957244) Update for Microsoft Office 2007 Help for Common Features (KB957244) Update for Microsoft Office Access 2007 Help (KB957241) Update for Microsoft Office Excel 2007 Help (KB957242) Update for Microsoft Office InfoPath 2007 Help (KB957243) Update for Microsoft Office OneNote 2007 Help (KB957245) Update for Microsoft Office Outlook 2007 (KB952142) Update for Microsoft Office Outlook 2007 Help (KB957246) Update for Microsoft Office PowerPoint 2007 Help (KB957247) Update for Microsoft Office Publisher 2007 Help (KB957249) Update for Microsoft Office Word 2007 Help (KB957252) Update for Microsoft Script Editor Help (KB957253) Update for Microsoft Script Editor Help (KB957253) Update for Office 2007 (KB946691) Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb959141) Update for Windows XP (KB943729) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951618-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) VideoLAN VLC media player 0.8.6c ViewSonic Monitor Drivers Windows Defender Windows Driver Package - Nokia Modem (03/05/2008 3.7) Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) Windows Driver Package - Nokia Modem (05/22/2008 3.8) Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1) Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) Windows Imaging Component Windows Installer Clean Up Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 WinISO v5.3 WinRAR archiver WinZip 11.1 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VueScan Xilisoft DVD Ripper Ultimate XviD MPEG-4 Video Codec
Poista lisää poista sovelutuksesta a-squared Free 3.0 J2SE Runtime Environment 5.0 Update 6 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Spybot - Search & Destroy SUPERAntiSpyware Free Edition ================= Nyt tuon alla olevan lainauksen sisällön Kopioit / liität Tyhjään muistioon käynnistä nappi >apuohjelmat > muistio Tallenna se nimellä CFScript.txt työpöydälle Sitten raahaa CFScript ComboFix.exeen kuten alla. Laita tuleva loki tänne. Sammutat ja käynnistät koneen
Alla loki /JK ComboFix 09-02-12.01 - Administrator 2009-02-12 19:49:48.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1304 [GMT 2:00] Sijainti: c:\documents and settings\Administrator\Desktop\ComboFix.exe Käytetyt komentorivivalitsimet :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) FW: AVG Firewall *enabled* * Uusi palautuspiste luotu VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !! . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-12 to 2009-02-12 ))))))))))))))))) . 2009-02-11 20:08 . 2009-02-12 17:27 1,374 --a------ c:\windows\imsins.BAK 2009-02-10 19:13 . 2009-02-10 19:13 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-02-10 19:09 . 2009-02-10 19:10 <DIR> d-------- c:\windows\ERUNT 2009-02-09 21:57 . 2009-02-09 21:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-02-09 21:56 . 2009-02-12 19:43 <DIR> d-------- c:\program files\SUPERAntiSpyware 2009-02-09 21:56 . 2009-02-12 19:43 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2009-02-03 17:53 . 2009-02-03 17:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-03 17:53 . 2009-02-03 17:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-03 17:53 . 2009-02-03 17:53 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-02-03 17:53 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-03 17:53 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-02 18:12 . 2009-02-02 18:12 0 --a------ c:\windows\CleaningLab.INI 2009-02-02 18:10 . 2009-02-02 18:11 <DIR> d-------- c:\program files\MAGIX 2009-02-02 18:10 . 2009-02-02 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\MAGIX 2009-02-02 18:09 . 2009-02-02 18:11 <DIR> d-------- c:\windows\system32\MAGIX 2009-02-02 18:09 . 2008-04-15 16:14 700,416 --a------ c:\windows\system32\mgxoschk.dll 2009-02-02 18:09 . 2009-02-02 18:11 5,937 --a------ c:\windows\mgxoschk.ini 2009-01-30 01:02 . 2009-01-30 01:02 103,488 --a------ c:\windows\system32\drivers\AnyDVD.sys 2009-01-30 00:57 . 2009-01-30 00:57 23,976 --a------ c:\windows\system32\drivers\ElbyCDIO.sys 2009-01-29 23:54 . 2009-01-29 23:54 89,256 --a------ c:\windows\system32\ElbyCDIO.dll 2009-01-29 20:21 . 2009-01-29 20:21 <DIR> d-------- c:\program files\Common Files\onOne Software Shared 2009-01-29 20:21 . 2005-08-21 15:57 227,840 --a------ c:\windows\system32\Deco_32.dll 2009-01-29 19:03 . 2009-02-12 19:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\nView_Wallpaper 2009-01-29 18:47 . 2009-01-29 18:47 0 --a------ c:\windows\msicpl.ini 2009-01-28 22:02 . 2009-01-29 20:21 <DIR> d-------- c:\program files\onOne Software 2009-01-28 22:02 . 2009-01-28 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\onOne Software 2009-01-28 22:02 . 2009-01-29 20:24 <DIR> d-------- c:\documents and settings\Administrator\Application Data\onOne Software 2009-01-28 22:02 . 2008-11-10 12:08 57,344 --a------ c:\windows\system32\ASTSRV.EXE 2009-01-27 21:42 . 2009-01-27 21:43 <DIR> d-------- c:\program files\Vuescan 2009-01-27 21:20 . 2009-01-28 18:44 <DIR> d-------- C:\VueScan 2009-01-25 17:21 . 2009-01-27 21:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire 2009-01-23 16:04 . 2009-01-23 16:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Windows Search 2009-01-22 23:02 . 2009-01-22 23:07 <DIR> d-------- c:\program files\RegCure 2009-01-20 21:05 . 2009-01-30 20:21 15,688 --a------ c:\windows\system32\lsdelete.exe 2009-01-20 20:21 . 2009-01-20 20:20 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-01-20 20:13 . 2009-01-20 20:13 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-01-18 21:24 . 2009-01-18 21:24 <DIR> d-------- c:\program files\Windows Defender 2009-01-15 19:27 . 2009-01-21 19:30 54,156 --ah----- c:\windows\QTFont.qfn 2009-01-15 19:27 . 2009-01-15 19:27 1,409 --a------ c:\windows\QTFont.for . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-12 17:48 --------- d-----w c:\program files\SpamEater Pro 4 2009-02-12 17:43 --------- d-----w c:\program files\Orbitdownloader 2009-02-12 17:43 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-02-12 17:42 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-12 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-12 17:41 --------- d-----w c:\program files\Java 2009-02-12 17:38 --------- d-----w c:\program files\a-squared Free 2009-02-12 17:29 --------- d-----w c:\program files\Mozilla Thunderbird 2009-02-12 17:14 --------- d-----w c:\documents and settings\Administrator\Application Data\Orbit 2009-02-12 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-11 16:07 --------- d-----w c:\program files\MSI 2009-02-11 15:05 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-06 18:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-06 18:41 --------- d-----w c:\program files\SpywareBlaster 2009-01-31 10:11 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent 2009-01-29 18:21 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-27 19:43 --------- d-----w c:\program files\Vuescan 2009-01-20 18:12 --------- d-----w c:\program files\Lavasoft 2009-01-18 17:48 --------- d-----w c:\program files\CCleaner 2009-01-15 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8 2009-01-15 15:06 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-01-15 15:06 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys 2009-01-15 15:06 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-01-15 15:06 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2009-01-09 15:39 --------- d-----w c:\program files\MRecord 2009-01-07 17:22 --------- d-----w c:\program files\BUFFALO 2009-01-07 15:21 --------- d-----w c:\program files\MMTaskbar 2009-01-07 15:18 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles 2009-01-05 15:42 --------- d-----w c:\program files\DynDNS Updater 2009-01-05 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\DynDNS 2008-12-30 19:17 --------- d-----w c:\program files\kjaerulff1 2008-12-30 18:50 --------- d-----w c:\program files\Kjaeruff1 2008-12-26 16:04 --------- d-----w c:\documents and settings\Administrator\Application Data\SlySoft 2008-12-26 15:25 --------- d-----w c:\program files\PowerISO 2008-12-26 14:31 --------- d-----w c:\program files\DVDFab 5 2008-12-26 14:30 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2008-12-26 14:30 47,360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys 2008-12-26 14:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Vso 2008-12-26 14:05 --------- d-----w c:\program files\ImgBurn 2008-12-23 14:19 --------- d-----w c:\program files\Common Files\Adobe 2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-18 20:24 --------- d-----w c:\documents and settings\Administrator\Application Data\Digital Support 2008-12-18 20:23 --------- d-----w c:\program files\Digital Support 2008-12-18 19:09 --------- d-----w c:\documents and settings\Administrator\Application Data\Uniblue 2008-12-14 14:02 410,984 ----a-w c:\windows\system32\deploytk.dll 2007-11-27 18:15 2,148,360 ----a-w c:\documents and settings\Administrator\TRACE_HIBERNATE_1_1.BIN 2005-09-09 16:55 7,155,864 ----a-w c:\program files\NGhost10.msi 2005-09-09 16:55 37,766,164 ----a-w c:\program files\Data1.cab 2005-09-09 16:55 35 ----a-w c:\program files\SCSSDist.ini 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll 2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll 2008-08-27 17:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-02-11_17.45.17,37 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll + 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll + 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll + 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll + 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll + 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe + 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll + 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll + 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll + 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll + 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll + 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll + 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll + 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll + 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe + 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe + 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll + 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll + 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll + 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll + 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll + 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll + 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll + 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll + 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll + 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll + 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll + 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll + 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll - 2009-01-15 15:19:19 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2009-02-12 15:28:24 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe - 2009-01-15 15:19:21 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2009-02-12 15:28:26 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe - 2009-01-15 15:19:20 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2009-02-12 15:28:25 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe - 2009-01-15 15:19:20 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2009-02-12 15:28:25 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2009-01-15 15:19:21 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2009-02-12 15:28:26 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2009-01-15 15:19:21 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2009-02-12 15:28:26 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2009-01-15 15:19:21 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2009-02-12 15:28:26 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2009-01-15 15:19:20 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2009-02-12 15:28:26 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2009-01-15 15:19:20 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2009-02-12 15:28:26 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2009-01-15 15:19:21 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2009-02-12 15:28:26 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2009-01-15 15:19:21 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2009-02-12 15:28:26 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2009-01-15 15:19:20 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2009-02-12 15:28:25 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll + 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll + 2009-02-12 17:12:57 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_3c0.dat - 2008-10-16 20:38:34 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll + 2008-12-20 23:15:11 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll - 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll + 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll - 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll + 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll - 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll + 2008-12-20 23:15:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll - 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll + 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll - 2008-10-16 13:11:09 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe + 2008-12-19 09:10:15 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe - 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll + 2008-12-20 23:15:14 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll - 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll + 2008-12-20 23:15:14 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll - 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll + 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll - 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll + 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll - 2008-10-16 20:38:35 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll + 2008-12-20 23:15:16 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll - 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll + 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll - 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll + 2008-12-20 23:15:21 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll - 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll + 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll - 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe + 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe - 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe + 2008-12-19 05:25:25 634,024 -c--a-w c:\windows\system32\dllcache\iexplore.exe - 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll + 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll - 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll + 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll - 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll + 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll - 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll + 2009-01-16 19:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll - 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll + 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll - 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll + 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll - 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll + 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll - 2008-10-16 20:38:39 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll + 2008-12-20 23:15:38 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll - 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll - 2008-10-16 20:38:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll + 2008-12-20 23:15:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll - 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll + 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll - 2008-10-16 20:38:39 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll + 2008-12-20 23:15:40 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll - 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll + 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll - 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll + 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll - 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll + 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll - 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll + 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll - 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll + 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll - 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe + 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe - 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll + 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll - 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll + 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll - 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll + 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll - 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll + 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll - 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll + 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll - 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll + 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll - 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll + 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll - 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll + 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll - 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe - 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll + 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll - 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll + 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll - 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll + 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll - 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll + 2009-01-16 19:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll - 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll + 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll - 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll + 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll - 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll + 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll - 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll + 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll - 2008-10-26 08:40:02 78,304 ----a-w c:\windows\system32\perfc009.dat + 2009-02-11 18:09:01 71,250 ----a-w c:\windows\system32\perfc009.dat - 2008-10-26 08:40:02 462,228 ----a-w c:\windows\system32\perfh009.dat + 2009-02-11 18:09:01 441,184 ----a-w c:\windows\system32\perfh009.dat - 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll + 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll - 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll + 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll - 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll + 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll - 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll + 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll - 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll + 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll . -- Snapshot nollattu tähän hetkeen -- . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-29 509784] "SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2008-09-17 484880] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600] "nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ DynDNS Updater.lnk - c:\program files\DynDNS Updater\DynUpPs.exe [2008-06-23 94208] EPSON SMART PANEL for Scanner.lnk - c:\program files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe [2007-11-19 180224] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-20 692224] Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-10-05 1711304] SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2007-11-18 1019961] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-15 17:06 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] --a------ 2009-01-30 18:02 2542528 c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2005-09-25 19:11 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] --a------ 2004-01-14 03:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2005-09-25 19:11 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-11-02 10:38 167936 c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer] --a------ 2007-04-11 15:32 56080 c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-06-28 18:43 1626112 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "a2free"=2 (0x2) "Bonjour Service"=2 (0x2) "FLEXnet Licensing Service"=3 (0x3) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Kjaeruff1\\PVRManager\\PVRManager.exe"= "c:\\Program Files\\kjaerulff1\\PVRManager\\PVRManager.exe"= "c:\\Program Files\\kjaerulff1\\PVRManager\\MFServer.exe"= "c:\\Program Files\\BUFFALO\\AirStation\\ecset\\ecset.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-07-15 12552] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 64160] R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2006-12-26 97408] R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2006-12-26 10240] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-15 325128] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-15 107272] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-15 903960] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-15 298264] R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-15 1339600] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-07-15 29208] S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [2007-11-18 4224] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-07-15 29208] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-06-19 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-06-19 8320] S3 TFBULK;Topfield USB client driver;c:\windows\system32\drivers\TfBulk.sys [2003-08-26 41996] . 'Ajoitetut tehtävät'-kansion sisältö 2009-02-11 c:\windows\Tasks\Ad-Aware Update (Daily).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-30 20:21] 2009-02-12 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] 2009-02-12 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2008-11-27 20:55] 2009-01-22 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2008-11-27 20:55] . - - - - POISTETUT JÄMÄRIVIT - - - - MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . ------- Täydentävä tarkistus ------- . uStart Page = hxxp://www.ulvila.fi mStart Page = hxxp://www.ulvila.fi uInternet Settings,ProxyOverride = *.local IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ftq6vobq.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.ulvila.fi FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll ---- FIREFOXIN KÄYTÄNNÖT ---- FF - user.js: network.http.pipelining - false FF - user.js: browser.search.suggest.enabled - true FF - user.js: network.http.proxy.pipelining - false FF - user.js: network.http.pipelining - false FF - user.js: browser.search.suggest.enabled - true FF - user.js: network.http.proxy.pipelining - false. ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-12 19:52:02 Windows 5.1.2600 Service Pack 3 NTFS tarkistaa piilotettuja prosesseja ... tarkistaa piilotettuja käynnistysarvoja ... tarkistaa piilotettuja tiedostoja ... tarkistus on valmis piilotetut tiedostot: 0 ************************************************************************** . --------------------- LUKITUT REKISTERIAVAIMET --------------------- [HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF4D3603-C7B4-A268-158F-FC562EE69141}*] "hadechhpamhmehba"=hex:6f,61,6c,67,6b,64,70,65,6b,63,66,63,66,70,67,63,6e,67, 6f,62,6c,65,6e,65,6e,6f,66,6f,6a,6c,00,00 "jagepgpknkaappeolgio"=hex:64,62,70,63,6e,6f,62,67,6b,62,65,69,69,70,67,68,6d, 70,65,6b,6f,69,64,64,64,61,63,65,6a,62,6f,6d,70,64,66,62,6d,65,6a,70,00,00 . --------------------- Prosesseihin ladatut DLLt --------------------- - - - - - - - > 'winlogon.exe'(184) c:\program files\SUPERAntiSpyware\SASWINLO.dll . Valmistumisajankohta: 2009-02-12 19:53:44 ComboFix-quarantined-files.txt 2009-02-12 17:53:42 ComboFix2.txt 2009-02-11 15:46:35 Ennen ajoa: 47 522 033 664 bytes free Ajon jälkeen: 47,507,849,216 bytes free 454 --- E O F --- 2009-02-12 15:28:29
Nyt tuon alla olevan lainauksen sisällön Kopioit / liität Tyhjään muistioon käynnistä nappi >apuohjelmat > muistio Tallenna se nimellä CFScript.txt työpöydälle Sitten raahaa CFScript ComboFix.exeen kuten alla. combofix työstää tulee sininen taulu paina numeroa 1 ja enter Laita tuleva loki tänne. Sammutat ja käynnistät koneen ================= Lataa JavaRa ja pura se työpöydällesi. ***Sulje kaikki päällä olevat Internet Explorerin ikkunat ennen jatkamista!*** * Tuplaklikkaa JavaRa.exeä käynnistääksesi ohjelma. * Valitse English pudotusvalikosta valitaksesi kieleksi englannin ja klikkaa Select. * Klikkaa Remove Older Versions poistaaksesi vanhat Java-versiot koneeltasi. * Klikkaa Yes kun pyydetään. Kun JavaRa on valmis, se ilmoittaa, että lokitiedosto on luotu. Klikkaa OK. * Lokitiedosto avautuu. Lähetä sen sisältö seuraavassa viestissäsi. 4. Asenna uusin Java päivitys seuraavasta linkistä.. Lataa täältä uusi java Rullaa alas kohteeseen Java Runtime Environment (JRE) 6 Update 12 Paina Download Laita Platform -kohtaan Windows Ruksaa I agree to the Java SE Runtime Environment 6 License Agreement ja paina Continue Paina Windows Offline Installationin alapuolella jre-6u4-windows-i586-p.exe Tallenna tiedosto vaikka työpöydälle ja asenna se. 5. Käynnistä kone uudelleen asennuksen jälkeen. 6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi). 7. General-välilehdellä klikkaa Settings. Vedä liukusäädintä (Disk Space) pienemmälle. (Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa. Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle). 8. Klikkaa Delete Files -nappia. Varmista että kaikki kaksi valintaa ovat rastitettuja: * Applications and Applets * Trace and Log Files Ja paina OK -nappia Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA. 9. Klikkaa OK "Temporary Files Settings" -ikkunassasi. 10. Välilehti Update: ota ruksi pois kohdasta Check for Updates automatically Valitse Never check 11. Klikkaa Apply ja OK jättääksesi Java asetusikkunasi.
Javapoisto-loki JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Thu Feb 12 20:29:06 2009 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\JavaPlugin.150_06 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} ------------------------------------ Finished reporting.
