Logfile of HijackThis v1.99.1
Scan saved at 21:48:19, on 29.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe
C:\WINDOWS\system32\CTHELPER.EXE
F:\Ohjelmat\PowerDVD6\PDVDServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
F:\Ohjelmat\Sygate\SPF\smc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\eero\Työpöytä\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Ohjelmat\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {91961425-7EA7-4657-AEE1-C831FCB0A26F} - C:\WINDOWS\SYSTEM32\yayyxwv.dll
O2 - BHO: (no name) - {9CA3201D-7266-4D20-9619-ACEB6158E022} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BFFCC8DC-DDD8-4D11-AFFF-1ADA7DCD2B7F} - C:\WINDOWS\system32\vturq.dll
O2 - BHO: CAdBlocker Object - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
O2 - BHO: (no name) - {F9971426-DC3F-4AAB-A373-84139DAE5008} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [InfoPenMSN] "C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [RemoteControl] F:\Ohjelmat\PowerDVD6\PDVDServ.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SmcService] F:\Ohjelmat\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] F:\Ohjelmat\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ylqlcqhm.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Ohjelmat\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: vturq - C:\WINDOWS\system32\vturq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayyxwv - C:\WINDOWS\SYSTEM32\yayyxwv.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - (no file)
O23 - Service: Netbios Helper Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Sonic Solutions - (no file)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Ohjelmat\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Just to be safe, in case someone would be willing to take a look at whether there is anything unusual...
Whoa, a nice collection of malware.
======
0. Download VundoFix.exe to your desktop.
*Double-click VundoFix.exe to run it.
*Click the Scan for Vundo option.
*When the scan is complete, click the Remove Vundo option.
*You will be asked whether you want to delete the files - click YES.
*After you click yes, your desktop will go blank as it starts removing Vundo.
*When it is done, the fix will tell you to restart your computer; click OK.
*Post the contents of the C:\vundofix.txt log and a fresh HijackThis log.
Note: It is possible that VundoFix found a file it could not delete. In that case VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo option." when VundoFix appears after the restart.
==========
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is done, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. That can cause the program to hang.

New HijackThis log
Vundo log:

VundoFix V6.4.1

Checking Java version...

Scan started at 14:10:13 30.5.2007

Listing files found while scanning....

C:\WINDOWS\system32\hggggfc.dll
C:\WINDOWS\system32\qrutv.bak1
C:\WINDOWS\system32\qrutv.bak2
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini2
C:\WINDOWS\system32\qrutv.tmp
C:\WINDOWS\system32\ssqolji.dll
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\yayyxwv.dll
C:\WINDOWS\system32\ylqlcqhm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hggggfc.dll
C:\WINDOWS\system32\hggggfc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrutv.bak1
C:\WINDOWS\system32\qrutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrutv.bak2
C:\WINDOWS\system32\qrutv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrutv.ini2
C:\WINDOWS\system32\qrutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrutv.tmp
C:\WINDOWS\system32\qrutv.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqolji.dll
C:\WINDOWS\system32\ssqolji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yayyxwv.dll
C:\WINDOWS\system32\yayyxwv.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayyxwv.dll
C:\WINDOWS\system32\yayyxwv.dll Has been deleted!

Performing Repairs to the registry.
Done!

ComboFix log:

"eero" - 2007-05-30 14:38:37 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\eero\Työpöytä\"

ADS removed - svchost.exe: deleted 68 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\Program Files\install.log"
"C:\WINDOWS\system32\kernel.dll"

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_IPRIP
-------\LEGACY_NPF

((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 ))))))))))))))))))))))))))))))))))

2007-05-30 14:10 <KANSIO> d-------- C:\VundoFix Backups
2007-05-30 10:41 <KANSIO> d-------- C:\Program Files\ECA vrt-disk 2005 patch
2007-05-30 10:31 81,408 --a------ C:\WINDOWS\system32\drivers\SSHDRV86.sys
2007-05-30 10:29 97,072 --------- C:\WINDOWS\system32\Bwcc0007.dll
2007-05-30 10:29 96,928 --------- C:\WINDOWS\system32\Bwcc0spa.dll
2007-05-30 10:29 96,928 --------- C:\WINDOWS\system32\Bwcc000c.dll
2007-05-30 10:29 96,912 --------- C:\WINDOWS\system32\Bwcc0009.dll
2007-05-28 17:00 <KANSIO> d-------- C:\Program Files\Error Repair Professional
2007-05-26 16:13 <KANSIO> d-------- C:\Program Files\Raxco
2007-05-26 14:48 <KANSIO> d-------- C:\DOCUME~1\eero\APPLIC~1\TrojanHunter
2007-05-19 23:04 725,929 ---hs---- C:\WINDOWS\system32\sstwa.bak2
2007-05-19 00:20 <KANSIO> d-------- C:\Program Files\FRISK Software
2007-05-19 00:20 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FRISK Software
2007-05-18 23:02 723,219 ---hs---- C:\WINDOWS\system32\sstwa.bak1
2007-05-14 19:28 1,431,757 ---hs---- C:\WINDOWS\system32\gnfwdrbp.ini2
2007-05-14 16:33 777,555 ---hs---- C:\WINDOWS\system32\ihhkj.ini2
2007-05-12 22:59 737,280 --a------ C:\WINDOWS\system32\msvcp70d.dll
2007-05-12 22:59 536,576 --a------ C:\WINDOWS\system32\msvcr70d.dll
2007-05-12 22:59 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll
2007-05-12 22:59 12,550,144 --a------ C:\WINDOWS\CS-80V(10 voices).dll
2007-05-12 22:59 <KANSIO> d-------- C:\Program Files\Arturia
2007-05-12 19:47 726,663 ---hs---- C:\WINDOWS\system32\ihhkj.bak2
2007-05-11 20:52 <KANSIO> d-------- C:\DOCUME~1\eero\APPLIC~1\WinAntiSpyware 2007 Free
2007-05-11 20:35 <KANSIO> d-------- C:\DOCUME~1\eero\APPLIC~1\WinAntiSpyware 2007
2007-05-11 20:34 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007
2007-05-11 19:47 691,966 ---hs---- C:\WINDOWS\system32\ihhkj.bak1
2007-05-11 19:08 <KANSIO> d-------- C:\Program Files\Arovax AntiSpyware
2007-05-10 18:51 108 --------- C:\WINDOWS\st32sys.sys
2007-05-10 14:59 <KANSIO> d-------- C:\DOCUME~1\eero\APPLIC~1\National Instruments
2007-05-10 14:58 <KANSIO> d-------- C:\Program Files\Common Files\Bcgsoft
2007-05-10 14:51 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\National Instruments
2007-05-08 20:26 <KANSIO> d-------- C:\Program Files\Advanced Spyware Remover
2007-05-07 18:10 <KANSIO> d-------- C:\Program Files\NoAdware5.0
2007-05-06 13:58 <KANSIO> d-------- C:\Program Files\Diskeeper Corporation
2007-05-01 15:08 <KANSIO> d-------- C:\Program Files\Traction Software
2007-05-01 15:07 <KANSIO> d-------- C:\DOCUME~1\eero\APPLIC~1\GetRightToGo
2007-04-28 15:14 83,592 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-04-28 15:14 61,008 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-04-28 15:14 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-04-28 15:14 14,944 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-04-28 15:14 14,944 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-04-28 15:14 14,944 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-04-28 15:14 14,944 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-04-26 16:31 512 --a------ C:\ScanSectorLog.dat
2007-04-26 15:58 578,848 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-04-26 15:58 24,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-04-26 15:49 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-25 21:26 <KANSIO> d-------- C:\DOCUME~1\eero\APPLIC~1\MusicIP
2007-04-25 16:35 <KANSIO> d-------- C:\DOCUME~1\eero\APPLIC~1\Metacafe
2007-04-25 16:30 <KANSIO> d-------- C:\Program Files\Metacafe
2007-04-25 16:30 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Metacafe
2007-04-22 21:26 <KANSIO> d-------- C:\Program Files\VideoLAN
2007-04-14 19:26 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-14 19:26 <KANSIO> d-------- C:\WINDOWS\system32\FxsTmp
2007-04-14 19:25 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-14 19:25 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-14 19:25 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-14 19:25 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-14 19:25 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-14 19:25 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-14 19:25 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-14 19:25 31,744 --a------ C:\WINDOWS\system32\fxsroute.dll
2007-04-14 19:25 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-14 19:25 18,944 --a------ C:\WINDOWS\system32\simptcp.dll
2007-04-14 19:25 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-14 19:25 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-14 19:25 135,680 --a------ C:\WINDOWS\system32\fxsclntR.dll
2007-04-14 19:25 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-14 19:25 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-14 19:25 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-14 19:25 111,616 --a------ C:\WINDOWS\system32\fxscfgwz.dll
2007-04-14 19:25 11,264 --a------ C:\WINDOWS\system32\fxssend.exe
2007-04-14 16:13 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-12 22:14 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
2007-04-12 22:09 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-30 11:47:25 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80661102}.dat
2007-05-30 11:47:25 288 ----a-w C:\WINDOWS\system32\DVCState-{00000000-00000000-00000009-00001102-00000002-80661102}.dat
2007-05-30 04:15:13 -------- d-----w C:\DOCUME~1\eero\APPLIC~1\uTorrent
2007-05-29 21:16:03 -------- d-----w C:\Program Files\DC++
2007-05-29 17:26:38 -------- d-----r C:\Program Files\eMule
2007-05-28 20:42:35 -------- d-----w C:\Program Files\Bug Doctor
2007-05-28 13:49:19 10,562 ----a-w C:\WINDOWS\mozver.dat
2007-05-27 20:03:26 -------- d-----w C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2007-05-27 19:33:24 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-05-26 11:47:58 -------- d-----w C:\Program Files\FinnishIRC XP
2007-05-26 10:39:19 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-26 10:37:33 -------- d-----w C:\Program Files\Yahoo!
2007-05-26 10:36:40 -------- d-----w C:\Program Files\Lavasoft
2007-05-23 15:00:26 -------- d-----w C:\Program Files\Winamp
2007-05-20 15:43:12 -------- d-----w C:\DOCUME~1\eero\APPLIC~1\Vso
2007-05-18 16:49:15 -------- d-----w C:\Program Files\Steam
2007-05-16 21:39:04 -------- d-----w C:\Program Files\VstPlugins
2007-05-09 04:22:33 -------- d-----w C:\Program Files\Ajokorttikoulu
2007-05-01 12:10:40 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-26 13:46:16 4,212 -c-h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-14 16:32:43 84,378 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-04-14 16:32:43 398,024 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-04-14 16:25:54 -------- d-----w C:\Program Files\Windows NT
2007-04-12 19:18:33 -------- d--h--w C:\Program Files\Webroot
2007-04-12 18:20:51 -------- d-----w C:\Program Files\themexp
2007-03-28 20:23:27 -------- d-----w C:\Program Files\Common Files\DriveCleaner Free
2007-03-28 20:23:12 -------- d-----w C:\DOCUME~1\eero\APPLIC~1\info bend
2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2004-06-14 13:55:14 56 -csh--r C:\WINDOWS\system32\F364534DF6.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=F:\Ohjelmat\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17]
{30CC0E86-3AD2-4FE4-AC9F-AE26AD7735FB}=C:\WINDOWS\system32\vturq.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-07-07 18:27]
{E24AD748-155E-4254-B674-4EDF86E7E1DF}=C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL [2004-06-13 17:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2003-06-22 16:38]
"SoundMan"="SOUNDMAN.EXE" []
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2004-06-09 12:00]
"InfoPenMSN"="C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe" [2004-07-06 09:50]
"CTHelper"="CTHELPER.EXE" [2003-08-28 11:45 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"RemoteControl"="F:\Ohjelmat\PowerDVD6\PDVDServ.exe" [2004-11-02 20:24]
"nwiz"="nwiz.exe" [2002-09-27 16:38 C:\WINDOWS\system32\nwiz.exe]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-20 16:42]
"SmcService"="F:\Ohjelmat\Sygate\SPF\smc.exe" [2005-09-27 12:16]
"Anti Trojan Elite"="F:\Ohjelmat\Anti Trojan Elite\TJEnder.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AVG7_CC"="F:\Ohjelmat\AVG\avgcc.exe" [2007-05-29 23:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=F:\Ohjelmat\AVG\avgw.exe /RUNONCE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"NoDispCpl"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoStrCmpLogical"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=0 (0x0)
"NoSharedDocuments"=00000000
"NoSMMyDocs"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"HideClock"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"StartmenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoClose"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoStrCmpLogical"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtss]
C:\WINDOWS\system32\awtss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone -pikakäynnistys.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Image Zone -pikakäynnistys.lnk
backup=C:\WINDOWS\pss\HP Image Zone -pikakäynnistys.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command- setup.exe

Contents of the 'Scheduled Tasks' folder
2007-05-25 15:09:05 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-05-30 11:13:03 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-30 14:51:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

********************************************************************

Completion time: 2007-05-30 14:55:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ...
2007-05-30 14:54 --- E O F ---

Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:17:08, on 30.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\Ohjelmat\AVG\avgamsvr.exe
F:\Ohjelmat\AVG\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
F:\Ohjelmat\Sygate\SPF\smc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe
C:\WINDOWS\system32\CTHELPER.EXE
F:\Ohjelmat\PowerDVD6\PDVDServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Ohjelmat\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30CC0E86-3AD2-4FE4-AC9F-AE26AD7735FB} - C:\WINDOWS\system32\vturq.dll (file missing)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9CA3201D-7266-4D20-9619-ACEB6158E022} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CAdBlocker Object - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
O2 - BHO: (no name) - {F9971426-DC3F-4AAB-A373-84139DAE5008} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [InfoPenMSN] "C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [RemoteControl] F:\Ohjelmat\PowerDVD6\PDVDServ.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] F:\Ohjelmat\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Anti Trojan Elite] F:\Ohjelmat\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] F:\Ohjelmat\AVG\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Ohjelmat\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\Ohjelmat\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\Ohjelmat\AVG\avgupsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - (no file)
O23 - Service: Netbios Helper Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Sonic Solutions - (no file)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Ohjelmat\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] F:\Ohjelmat\Anti Trojan Elite\TJEnder.exe
Uninstall that program via Control Panel > Add/Remove Programs, then delete this folder: F:\Ohjelmat\Anti Trojan Elite

Save these instructions to a text file, since otherwise you won't be able to read them in Safe Mode.
==========
Open HijackThis, check the following line(s) and click Fix checked; close the other programs while you do this.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {30CC0E86-3AD2-4FE4-AC9F-AE26AD7735FB} - C:\WINDOWS\system32\vturq.dll (file missing)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - (no file)
O2 - BHO: (no name) - {9CA3201D-7266-4D20-9619-ACEB6158E022} - (no file)
O2 - BHO: (no name) - {F9971426-DC3F-4AAB-A373-84139DAE5008} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Anti Trojan Elite] F:\Ohjelmat\Anti Trojan Elite\TJEnder.exe :NO
O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

Here is a guide on how to check them:
========
Copy the following lines into e.g. Notepad. Save as FIX.BAT on the desktop, with the file type set to All Files. Double-click FIX.BAT.
==========
1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have it, skip straight to step 2!
* Once downloaded, double-click the installer's shortcut on your desktop; the installation begins.
* After installing, the program must be started and its definitions updated.
2.
* Start AVG Anti-Spyware.
* Click the "Update" icon in the main menu. Then click the "Update now" button.
* Then click the "Start Update" icon, and the update begins.
* After a moment, click "Start Update" again if the update does not succeed right away.
* If the automatic update does not work for some reason, the definitions can be downloaded manually from http://www.ewido.net/en/download/updates/.
* When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
* When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
* Then under the "Reports" menu:
* Tick "Automatically generate report after every scan"
* Untick "Only if threats were found"
* Then click the "Shield" icon at the top of the window
* "Resident shield is": change the state from active to inactive
* Close the program; do NOT scan yet.

Restart your computer into Safe Mode.
Delete the file C:\WINDOWS\system32\altsvc.exe
Make hidden files visible, and hide them again after the deletion.

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
* Once in Safe Mode, start AVG Anti-Spyware.
* Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
* AVG now starts scanning the computer; be patient, as the scan takes time.

When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you have clicked "Apply all Actions"
* Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
* You will be asked what to do if infections were found; choose "Apply all actions"
* Then click the "Reports" icon at the top of the program.
* Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
* Close the program, restart the computer normally and post the AVG report in your thread.
==========
This one is for if you feel your computer is on the slow side and you have not defragmented in a long time:
Open My Computer -> do the following for all Local Disks:
==========
Download CCleaner and install it:
Open "Options", then "Language" and select "Suomi (Finnish)"
Open the "Virheet" (Issues) section, click "Etsi rekisterin virheitä" (Scan for Issues), then click "Korjaa valitut rekisterin virheet.." (Fix selected issues...).
Click "Kyllä" (Yes) when the program asks "Haluatko varmuuskopioida muutokset rekisteriin" (Do you want to back up changes to the registry); save the file e.g. to the desktop.
Open "Puhdistaja" (Cleaner), click "Tutki" (Analyze) and then "Aja Ccleaner" (Run CCleaner).
Clean temporary files and folders with the program regularly.
==========
If you do not have this Java version (6.1): old Java easily infects your computer!
Updating Java and clearing its cache:
1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your old Java versions in the list (J2SE Runtime Environment....). They should have the following image next to them:
3. Select all your old Java versions and choose Remove.
4. Install the latest Java update from the following link..
5. Restart the computer after the installation: http://java.sun.com/javase/downloads/index.jsp or http://www.filehippo.com/download_java_runtime/
Scroll down to Java Runtime Environment (JRE) 6u1. Click Download. Tick Accept, take the offline installation, save it e.g. to the desktop and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) lower and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice the computer slowing down after lowering the setting, move the slider higher.)
8. Make sure both options are ticked:
*Applications and Applets
*Trace and Log Files
Then click the OK button.
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.
==========
Download Deckard's System Scanner to your desktop.
Note: you need Administrator rights to run the program.
* Close all open windows and programs.
* Double-click the Dss.exe file to run the program; follow the instructions.
* When the scan is finished, 2 text files should open: Main.txt and extra.txt
* Use Copy (CTRL+A -> CTRL+C) and Paste (CTRL+V)
* Copy and paste the contents of Extra.txt & Main.txt into your next reply.
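The fix list in the post above was picked out by hand: entries whose referenced file is gone ("(no file)", "(file missing)"), browser helper objects with no name, and the service with an unknown owner. The Python script below is an added example, not part of this thread and not HijackThis's own logic, that applies those same checks to pasted log lines. The sample lines are copied from the HijackThis logs posted in this thread; the "random-looking DLL name in system32" heuristic is my own assumption modelled on the Vundo DLL names that appear here, not a rule HijackThis or the helper used.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of this thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample input: entries copied verbatim from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {91961425-7EA7-4657-AEE1-C831FCB0A26F} - C:\WINDOWS\SYSTEM32\yayyxwv.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - (no file)
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Netbios Helper Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."; process paths and headers do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file does not exist.
ORPHAN_RE = re.compile(r"\s*\((?:no file|file missing)\)$")


@dataclass
class Entry:
    section: str  # HijackThis section code, e.g. "O2" or "O23"
    body: str     # everything after the "O2 - " prefix
    reasons: list = field(default_factory=list)


def parse_hjt(text):
    """Turn pasted log text into Entry objects; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def referenced_path(body):
    """Last ' - ' separated component of the body, with any orphan marker removed."""
    return ORPHAN_RE.sub("", body.rsplit(" - ", 1)[-1]).strip()


def looks_random_system32_dll(path):
    """Heuristic (my assumption, not a HijackThis rule): a DLL in system32 whose name is
    5-8 lowercase letters with no digits, the naming style of the Vundo DLLs in this thread."""
    folder, _, name = path.rpartition("\\")
    return folder.lower().endswith("\\system32") and re.fullmatch(r"[a-z]{5,8}\.dll", name) is not None


def triage(entries):
    """Attach a reason to every entry worth a second look and return only those entries."""
    for e in entries:
        if ORPHAN_RE.search(e.body):
            e.reasons.append("orphaned: referenced file no longer exists")
        if e.section == "O2" and e.body.startswith("BHO: (no name)"):
            e.reasons.append("browser helper object without a name")
        if e.section == "O23" and "Unknown owner" in e.body:
            e.reasons.append("service with unknown owner")
        if e.section in ("O2", "O20") and looks_random_system32_dll(referenced_path(e.body)):
            e.reasons.append("random-looking DLL name in system32")
    return [e for e in entries if e.reasons]


def report(text):
    """Render flagged entries in log form, followed by the reasons, for comparison with the log."""
    return [f"{e.section} - {e.body}  <- {'; '.join(e.reasons)}" for e in triage(parse_hjt(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

A flagged entry is a candidate for review, not a verdict: WgaLogon.dll, ssv.dll and nvsvc32.exe pass, while a legitimate entry can still be flagged if its program was uninstalled without cleaning up the registry. That is why the post pairs the HijackThis fix with a full scanner run in Safe Mode rather than relying on the log alone.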
AVG log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 0:41:11 31.5.2007

+ Scan result:

C:\Program Files\NoAdware5.0\nutils.dll -> Adware.WebRebates ok : Cleaned.
:mozilla.105:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.88:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.89:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.123:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.124:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.125:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.33:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.35:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.43:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.44:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.96:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.97:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.98:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.99:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.22:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.66:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.59:C:\Documents and Settings\eero\Application Data\Mozilla\Firefox\Profiles\default.2b2\cookies.txt -> TrackingCookie.Overture : Cleaned.

::Report end

Deckard's System Scanner

Deckard's System Scanner v20070426.43
Run by eero on 2007-05-31 at 10:46:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as eero.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:46:37, on 31.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
F:\Ohjelmat\Sygate\SPF\smc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe
C:\WINDOWS\system32\CTHELPER.EXE
F:\Ohjelmat\PowerDVD6\PDVDServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\eero\Työpöytä\dss.exe
C:\PROGRA~1\HIJACK~1\eero.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Ohjelmat\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CAdBlocker Object - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [InfoPenMSN] "C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [RemoteControl] F:\Ohjelmat\PowerDVD6\PDVDServ.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] F:\Ohjelmat\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Ohjelmat\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Ohjelmat\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

-- Files created between 2007-04-30 and 2007-05-31 -----------------------------

2007-05-31 10:42:46 0 dr-h----- C:\Documents and Settings\eero\Recent
2007-05-30 20:54:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-05-30 14:10:13 0 d-------- C:\VundoFix Backups
2007-05-30 10:41:07 0 d-------- C:\Program Files\ECA vrt-disk 2005 patch
2007-05-30 10:31:37 81408 --a------ C:\WINDOWS\system32\drivers\SSHDRV86.sys <Not Verified; ; ProtectCD>
2007-05-30 10:29:20 96928 -----n--- C:\WINDOWS\system32\Bwcc0spa.dll
2007-05-30 10:29:20 96928 -----n--- C:\WINDOWS\system32\Bwcc000c.dll
2007-05-30 10:29:20 96912 -----n--- C:\WINDOWS\system32\Bwcc0009.dll <Not Verified; Borland International; >
2007-05-30 10:29:20 97072 -----n--- C:\WINDOWS\system32\Bwcc0007.dll
2007-05-29 20:48:21 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2007-05-29 20:47:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2007-05-28 19:29:16 0 d-------- C:\WINDOWS\Sun
2007-05-28 19:29:15 0 d-------- C:\Documents and Settings\eero\Application Data\Sun
2007-05-28 16:47:16 0 d-------- C:\Program Files\Common Files\Java
2007-05-26 16:13:10 0 d-------- C:\Program Files\Raxco
2007-05-26 14:48:40 0 d-------- C:\Documents and Settings\eero\Application Data\TrojanHunter
2007-05-19 23:04:25 725929 ---hs---- C:\WINDOWS\system32\sstwa.bak2
2007-05-19 00:20:25 0 d-------- C:\Documents and Settings\All Users\Application Data\FRISK Software
2007-05-19 00:20:18 0 d-------- C:\Program Files\FRISK Software
2007-05-18 23:02:09 723219 ---hs---- C:\WINDOWS\system32\sstwa.bak1
2007-05-14 19:28:59 1431757 ---hs---- C:\WINDOWS\system32\gnfwdrbp.ini2
2007-05-14 16:33:33 777555 ---hs---- C:\WINDOWS\system32\ihhkj.ini2
2007-05-12 22:59:57 163840 --a------ C:\WINDOWS\system32\ArtFfct.dll <Not Verified; ; Bibliothèque de liaison dynamique FDlg>
2007-05-12 22:59:56 12550144 --a------ C:\WINDOWS\CS-80V(10 voices).dll
2007-05-12 22:59:30 0 d-------- C:\Program Files\Arturia
2007-05-12 19:47:22 726663 ---hs---- C:\WINDOWS\system32\ihhkj.bak2
2007-05-11 20:52:14 0 d-------- C:\Documents and Settings\eero\Application Data\WinAntiSpyware 2007 Free
2007-05-11 20:35:23 0 d-------- C:\Documents and Settings\eero\Application Data\WinAntiSpyware 2007
2007-05-11 20:34:23 0 d-------- C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
2007-05-11 19:47:08 691966 ---hs---- C:\WINDOWS\system32\ihhkj.bak1
2007-05-11 19:08:49 0 d-------- C:\Program Files\Arovax AntiSpyware
2007-05-10 18:51:09 108 -----n--- C:\WINDOWS\st32sys.sys
2007-05-10 14:59:49 0 d-------- C:\Documents and Settings\eero\Application Data\National Instruments
2007-05-10 14:58:38 0 d-------- C:\Program Files\Common Files\Bcgsoft
2007-05-10 14:51:57 0 d-------- C:\Documents and Settings\All Users\Application Data\National Instruments
2007-05-08 20:26:13 0 d-------- C:\Program Files\Advanced Spyware Remover
2007-05-07 18:10:30 0 d-------- C:\Program Files\NoAdware5.0
2007-05-06 13:58:07 0 d-------- C:\Program Files\Diskeeper Corporation
2007-05-01 15:08:21 0 d-------- C:\Program Files\Traction Software
2007-05-01 15:07:56 0 d-------- C:\Documents and Settings\eero\Application Data\GetRightToGo

-- Find3M Report ---------------------------------------------------------------

2007-05-31 01:23:53 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80661102}.dat
2007-05-31 01:23:53 288 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-00000009-00001102-00000002-80661102}.dat
2007-05-31 01:11:30 0 dr------- C:\Program Files\eMule
2007-05-30 18:20:31 0 d-------- C:\Program Files\DC++
2007-05-30 07:15:13 0 d-------- C:\Documents and Settings\eero\Application Data\uTorrent
2007-05-28 23:42:35 0 d-------- C:\Program Files\Bug Doctor
2007-05-28 16:49:19 10562 --a------ C:\WINDOWS\mozver.dat
2007-05-28 16:49:06 0 d-------- C:\Program Files\Java
2007-05-27 23:03:26 0 d-------- C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2007-05-27 22:33:24 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2007-05-26 14:47:58 0 d-------- C:\Program Files\FinnishIRC XP
2007-05-26 13:39:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-26 13:37:33 0 d-------- C:\Program Files\Yahoo!
2007-05-26 13:36:40 0 d-------- C:\Program Files\Lavasoft
2007-05-23 18:00:26 0 d-------- C:\Program Files\Winamp
2007-05-20 18:43:12 0 d-------- C:\Documents and Settings\eero\Application Data\Vso
2007-05-18 19:49:15 0 d-------- C:\Program Files\Steam
2007-05-17 00:39:04 0 d-------- C:\Program Files\VstPlugins
2007-05-09 07:22:33 0 d-------- C:\Program Files\Ajokorttikoulu
2007-05-01 15:10:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-26 16:46:16 4212 ---h---c- C:\WINDOWS\system32\zllictbl.dat
2007-04-26 16:31:04 512 --a------ C:\ScanSectorLog.dat
2007-04-25 21:26:41 0 d-------- C:\Documents and Settings\eero\Application Data\MusicIP
2007-04-25 16:35:18 0 d-------- C:\Documents and Settings\eero\Application Data\Metacafe
2007-04-25 16:30:09 0 d-------- C:\Program Files\Metacafe
2007-04-22 21:30:35 0 d-------- C:\Program Files\VideoLAN
2007-04-14 19:32:43 398024 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-04-14 19:32:43 84378 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-04-14 19:25:54 0 d-------- C:\Program Files\Windows NT
2007-04-12 22:18:33 0 d--h----- C:\Program Files\Webroot
2007-04-12 21:20:51 0 d-------- C:\Program Files\themexp
2007-03-19 17:38:51 302 --a------ C:\Documents and Settings\eero\Application Data\dm.ini

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} F:\Ohjelmat\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll
{E24AD748-155E-4254-B674-4EDF86E7E1DF} C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DU Meter"="C:\\Program Files\\DU Meter\\DUMeter.exe"
"SoundMan"="SOUNDMAN.EXE"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"InfoPenMSN"="\"C:\\Documents and Settings\\eero\\Omat tiedostot\\Vastaanotetut tiedostot\\InfoPenMSN\\Pro\\InfoPenIM.exe\""
"CTHelper"="CTHELPER.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"RemoteControl"="F:\\Ohjelmat\\PowerDVD6\\PDVDServ.exe"
"nwiz"="\"nwiz.exe\" /install"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SmcService"="F:\\Ohjelmat\\Sygate\\SPF\\smc.exe -startgui"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"F:\\Ohjelmat\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"=dword:00000000
"DisableChangePassword"=dword:00000000
"DisableLockWorkstation"=dword:00000000
"NoDispCpl"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000000
"NoChangeAnimation"=dword:00000000
"NoStrCmpLogical"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000000
"NoSharedDocuments"=hex:00,00,00,00
"NoSMMyDocs"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoSMMyPictures"=dword:00000000
"NoToolbarCustomize"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"HideClock"=dword:00000000
"NoManageMyComputerVerb"=dword:00000000
"NoCDBurning"=dword:00000000
"NoStartMenuPinnedList"=dword:00000000
"NoStartMenuMFUprogramsList"=dword:00000000
"NoUserNameInStartMenu"=dword:00000000
"StartmenuLogoff"=dword:00000000
"NoStartMenuSubFolders"=dword:00000000
"NoCommonGroups"=dword:00000000
"NoPrinterTabs"=dword:00000000
"NoDeletePrinter"=dword:00000000
"NoAddPrinter"=dword:00000000
"NoPrinters"=dword:00000000
"NoNetworkConnections"=dword:00000000
"NoFavoritesMenu"=dword:00000000
"NoClose"=dword:00000000
"NoSetFolders"=dword:00000000
"NoSMHelp"=dword:00000000
"NoChangeStartMenu"=dword:00000000
"NoFileMenu"=dword:00000000
"NoShellSearchButton"=dword:00000000
"NoRecentDocsNetHood"=dword:00000000
"NoChangeAnimation"=dword:00000000
"NoChangeKeyboardNavigationIndicators"=dword:00000000
"MemCheckBoxInRunDlg"=dword:00000000
"NoStrCmpLogical"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone -pikakäynnistys.lnk]
"path"="C:\\Documents and Settings\\All Users\\Käynnistä-valikko\\Ohjelmat\\Käynnistys\\HP Image Zone -pikakäynnistys.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone -pikakäynnistys.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone -pikakäynnistys"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0

-- End of Deckard's System Scanner: finished at 2007-05-31 at 10:47:08 ---------
Hi

Let's uninstall the following programs via Control Panel > Add/Remove Programs; you can find more information about them on Google. Then delete these folders:

C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\eero\Application Data\WinAntiSpyware 2007 Free
C:\Program Files\Advanced Spyware Remover
C:\Program Files\NoAdware5.0
C:\Program Files\Bug Doctor
=======
Download RogueRemover (or from here). Save rr-free-setup.exe to your desktop.
Click rr-free-setup.exe to start installing the program
* Click Next, then I agree and finally Install
* Untick Show Readme and click Finish
* This starts RogueRemover
* Close the Help window
* Click Check for updates
* If new updates are available, click Download
* Wait for the program to download and install the new updates; when done, click Close in the update window
* Click Scan
* If nothing was found, close RogueRemover
* If RogueRemover found something, it shows a list of the files found
* Click Save log
* Click OK in the popup window
* Click Remove selected
* Click YES in the popup window
* Wait for the program to finish removing the files, then close RogueRemover
* Use Notepad to open this file: C:\Program Files\RogueRemover\RRLog******.txt
Note: ****** is the time when you ran RogueRemover
Post this log file in your thread
========
Check your computer with F-Secure's online scanner
Note: the scanner only works in the Internet Explorer browser
* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Adjust the settings as follows
  o Under "Virus Scan Option" select Scan whole system
  o Under "Other Scan Option" select Scan All Files
  o Select Scan whole system for rootkits
  o Select Scan whole system for spyware
  o Tick Scan inside archives
  o Make sure Use advanced heuristics is selected
* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan has completed, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the entire text
* Paste the copied text e.g. into Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report in your thread
Here's what I got this time.

Rogue Remover

Malwarebytes' RogueRemover
Malwarebytes ©2007
http://www.malwarebytes.org

5093 total fingerprints loaded.
Loading database ...
Expanding environmental variables ...
Scanning files ... [ 100% ].
Scanning folders ... [ 100% ].
Scanning registry keys ... [ 100% ].
Scanning registry values ... [ 100% ].

RogueRemover has detected rogue antispyware components! Results below...

Type: File
Vendor: Ads Alert
Location: C:\Program Files\PcPrivacySoftware.com\AdsAlert\Backup\2005-5-4-14-56-52.reg

Type: Folder
Vendor: Ads Alert
Location: C:\Program Files\PcPrivacySoftware.com\AdsAlert

Type: Folder
Vendor: Ads Alert
Location: C:\Program Files\PcPrivacySoftware.com\AdsAlert\Backup

Type: Folder
Vendor: BPS Spyware Remover
Location: C:\Program Files\BulletProofSoft.com

Type: Folder
Vendor: DriveCleaner 2006
Location: C:\Program Files\Common Files\DriveCleaner Free

Type: Folder
Vendor: WinAntiSpyware 2007
Location: C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007

Type: Folder
Vendor: WinAntiSpyware 2007
Location: C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data

Type: Folder
Vendor: WinAntiSpyware 2007
Location: C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr

Type: Folder
Vendor: WinAntiSpyware 2007
Location: C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode

Type: Registry Key
Vendor: WinAntiVirus 2006
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN

Type: Registry Key
Vendor: ErrorDoctor
Location: HKEY_LOCAL_MACHINE\SOFTWARE\ErrorDoctor

Type: Registry Key
Vendor: Spyware Nuker
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Nuker

Type: Registry Key
Vendor: ESpywareRemover
Location: HKEY_CURRENT_USER\Software\SpywareRemover

Type: Registry Key
Vendor: ESpywareRemover
Location: HKEY_LOCAL_MACHINE\SOFTWARE\SpywareRemover

RogueRemover has found the objects above.
F-Secure Scanning Report
Thursday, May 31, 2007 14:23:56 - 17:23:17
Computer name: YOUR-JDDID3DZXA
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ F:\

Result: 11 malware found

Backdoor.IRC.Zapchast (virus)
* C:\WINDOWS\SYSTEM32\MS32.0LL.MWT (Renamed & Submitted)
Vundo.gen21 (virus)
* C:\VUNDOFIX BACKUPS\HGGGGFC.DLL.BAD (Submitted)
* C:\VUNDOFIX BACKUPS\SSQOLJI.DLL.BAD (Submitted)
* C:\VUNDOFIX BACKUPS\YAYYXWV.DLL.BAD (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3208\A0452232.DLL (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3208\A0452234.DLL (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3208\A0452240.DLL (Submitted)
Vundo.gen26 (virus)
* C:\VUNDOFIX BACKUPS\VTURQ.DLL.BAD (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3208\A0452239.DLL (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3183\A0450024.DLL (Submitted)
* C:\SYSTEM VOLUME INFORMATION\_RESTORE{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3179\A0448808.DLL (Submitted)

Statistics
Scanned:
* Files: 137359
* System: 5864
* Not scanned: 23
Actions:
* Disinfected: 0
* Renamed: 1
* Deleted: 0
* None: 10
* Submitted: 11
Files not scanned:
* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\VAXSCSI.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\EERO\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\EERO\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* F:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

Options
Scanning engines:
* F-Secure Libra: 2.4.2, 2007-05-30
* F-Secure AVP: 7.0.171, 2007-05-31
* F-Secure Orion: 1.2.37, 2007-05-31
* F-Secure Blacklight: 1.0.53
* F-Secure Draco: 1.0.35, 0260-23-12
* F-Secure Pegasus: 1.19.0, 2007-04-28
Scanning options:
* Scan all files
* Use Advanced heuristics
Logfile of HijackThis v1.99.1
Scan saved at 18:21:31, on 31.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
F:\Ohjelmat\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe
C:\WINDOWS\system32\CTHELPER.EXE
F:\Ohjelmat\PowerDVD6\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\eero\Työpöytä\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Ohjelmat\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CAdBlocker Object - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\POP-UP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [InfoPenMSN] "C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [RemoteControl] F:\Ohjelmat\PowerDVD6\PDVDServ.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] F:\Ohjelmat\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Ohjelmat\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Ohjelmat\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
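The two reports above get read the same way in every one of these threads: the HijackThis lines are scanned for orphaned registry references, BHOs with no name, a start page that is not the IE default, auto-runs launched from somewhere inside a user profile, and services with no owner, while each scanner hit is judged by where it sits (a file under VundoFix Backups or in a _restore{…} folder is an inert copy left by the removal tool or by System Restore, not a live infection; only the renamed MS32.0LL.MWT in system32 was still in place). The Python below is an added example that encodes those checks; it is not part of this thread, of HijackThis or of F-Secure's scanner. Its sample log is constructed for the example (most lines are copied from the log above; the unnamed BHO with the all-zero CLSID and example.dll, and the (no file) toolbar, are made up), and the KNOWN_NOTIFY allowlist is an assumption.

```python
"""Triage a HijackThis 1.99-style log and classify scanner hits by location.

Added example: not part of this thread, of HijackThis, or of F-Secure's
scanner. It encodes what a helper checks by eye on the R0/R1/O2/O3/O4/O6/
O16/O20/O23 lines, plus the rule that a hit inside a removal tool's backup
folder or a System Restore point is an inert copy, not a live infection.
"""
import re

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")

# Values a stock IE7 install writes; any other URL in R0/R1 is a hijack candidate.
IE_DEFAULTS = {
    "http://go.microsoft.com/fwlink/?LinkId=69157",
    "http://go.microsoft.com/fwlink/?LinkId=54896",
    "about:blank",
}
# Winlogon Notify DLLs accepted without comment (assumption: a helper keeps such a list).
KNOWN_NOTIFY = {"wgalogon.dll"}
USER_PROFILE = re.compile(r"\\documents and settings\\", re.I)


def triage(log_text):
    """Return (kind, reason, line) for each entry worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, header lines, blanks
        kind, body = m.group("kind"), m.group("body")
        if "(no file)" in body:
            # Registry still points at something that was deleted: harmless, but clean it up.
            findings.append((kind, "orphaned entry, file missing", line))
        elif kind in ("R0", "R1"):
            value = body.split(" = ", 1)[1] if " = " in body else ""
            if value.startswith("http") and value not in IE_DEFAULTS:
                findings.append((kind, "non-default start/search page", line))
        elif kind == "O2" and body.startswith("BHO: (no name)"):
            # A BHO with a file on disk but no registered name is the Vundo pattern.
            findings.append((kind, "unnamed BHO loaded from disk", line))
        elif kind == "O4" and USER_PROFILE.search(body):
            findings.append((kind, "auto-run launched from a user profile", line))
        elif kind == "O6":
            findings.append((kind, "IE restrictions policy present", line))
        elif kind == "O16" and "http://" in body:
            findings.append((kind, "ActiveX control installed from the web", line))
        elif kind == "O20":
            dll = body.rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_NOTIFY:
                findings.append((kind, "unexpected Winlogon Notify DLL", line))
        elif kind == "O23" and "Unknown owner" in body:
            findings.append((kind, "service with no vendor", line))
    return findings


def detection_state(path):
    """Where a scanner hit sits decides how urgent it is."""
    p = path.upper()
    if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in p:
        return "restore point copy"
    if "\\VUNDOFIX BACKUPS\\" in p or p.endswith(".BAD"):
        return "removal tool backup"
    return "active"


# Constructed sample: most lines copied from the log posted above; the unnamed
# BHO (zero CLSID, example.dll) and the (no file) toolbar are made up.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [InfoPenMSN] "C:\Documents and Settings\eero\Omat tiedostot\Vastaanotetut tiedostot\InfoPenMSN\Pro\InfoPenIM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - (no file)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Ohjelmat\Sygate\SPF\smc.exe
"""

if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"{kind:4} {reason:40} {line[:70]}")
    for hit in (r"C:\WINDOWS\SYSTEM32\MS32.0LL.MWT",
                r"C:\VUNDOFIX BACKUPS\VTURQ.DLL.BAD",
                r"C:\SYSTEM VOLUME INFORMATION\_RESTORE{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3208\A0452239.DLL"):
        print(detection_state(hit), hit)
```

It flags rather than judges: the toggle.com start page and the InfoPenIM.exe auto-run come out the same, and deciding which of them is malware still needs the vendor and path lookup a helper does by hand. Restore-point copies are purged by turning System Restore off and back on once the live files are gone, which is why scanners keep reporting Vundo DLLs under _restore{…} after the system32 copies have been removed.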
Download WinPFind3 http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe to your desktop and double-click the exe to extract it. A folder named WinPFind3u is created on your desktop.
* Open the WinPFind3u folder and double-click WinPFind3U.exe to start the program.
  o Under Files Created Within, click 30 days
  o Under Files Modified Within, click 30 days
  o Under File String Search, click Non-Microsoft
* Now click the Run Scan button on the toolbar.
* When the scan is done, the report opens in Notepad.
* Click Format and make sure Word Wrap is not checked. If it is, uncheck it.
Post the log in your next reply. You may need several replies so that it does not get cut off.
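WinPFind3U writes every process, service, registry hook and recent file as one `name -> path -> vendor [Ver = … | Size = … | … Date = … | Attr = …]` line, and the report the steps above produce is thousands of them, so the two things a helper reads for first (an auto-start whose file has gone, and an executable under %SystemRoot% or %System32% with no vendor and no version resource) are easy to miss. The Python below is an added example, not part of the thread and not OldTimer's code: it parses that line shape and pulls those entries out. Its sample report is constructed for the example; the service lines have the shape of the posted report, while the created dates and the example.dll entry are made up.

```python
"""Pull the first-look items out of a WinPFind3U report.

Added example: not part of the thread and not OldTimer's code. WinPFind3U
writes every process, service, hook and recent file as
  name -> path -> vendor [Ver = ... | Size = ... | ... Date = ... | Attr = ...]
This parses that shape and flags the two things a helper reads for first:
auto-starts whose file has gone, and executables under %SystemRoot% or
%System32% with no vendor and no version resource.
"""
import re

LINE_RE = re.compile(
    r"^(?P<name>.+?)\s*->\s*(?P<path>.*?)\s*->\s*(?P<vendor>[^\[]*?)\s*(?:\[(?P<attrs>[^\]]*)\])?\s*$"
)
SYSTEM_DIRS = ("%SYSTEMROOT%", "%SYSTEM32%")
EXECUTABLE = (".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl", ".drv")


def parse_attrs(text):
    """'Ver = 1.0 | Size = 108 bytes | Attr = ' -> {'Ver': '1.0', 'Size': '108 bytes', 'Attr': ''}"""
    out = {}
    for part in (text or "").split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip()] = value.strip()
        elif part.strip() == "Folder":
            out["Folder"] = True
    return out


def parse_line(line):
    """One report line -> dict with name, path, vendor, attrs; None for section headers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["vendor"] = entry["vendor"].strip()
    entry["attrs"] = parse_attrs(entry["attrs"])
    return entry


def size_bytes(attrs):
    return int(attrs.get("Size", "0 bytes").split()[0])


def first_look(report):
    """Return (reason, where, size) tuples in report order."""
    findings = []
    for line in report.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e["vendor"] == "File not found":
            # Service or hook still registered, binary gone: a dead entry to remove.
            findings.append(("missing file", e["name"], 0))
            continue
        path, a = e["path"], e["attrs"]
        in_system = path.upper().startswith(SYSTEM_DIRS)
        anonymous = not e["vendor"] and not a.get("Ver") and not a.get("Folder")
        if in_system and anonymous and path.lower().endswith(EXECUTABLE):
            # What a dropped driver or DLL with an invented name looks like in this report.
            findings.append(("unsigned executable in system dir", path, size_bytes(a)))
    return findings


# Constructed sample in the report's shape; the service lines follow the posted
# report, the created dates and the example.dll entry are made up.
SAMPLE_REPORT = r"""
[Win32 Services - Non-Microsoft Only]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.52 | Size = 204840 bytes | Modified Date = 20.4.2007 16:42:12 | Attr = ]
(IOLO_SRV) iolo System Guard [Win32_Own | Auto | Stopped] -> -> File not found
(KPF4) Kerio Personal Firewall 4 [Win32_Own | Auto | Stopped] -> -> File not found
[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 30.5.2007 23:57:39 | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 30.5.2007 13:55:06 | Attr = ]
st32sys.sys -> %SystemRoot%\st32sys.sys -> [Ver = | Size = 108 bytes | Created Date = 30.5.2007 9:31:16 | Attr = ]
example.dll -> %System32%\example.dll -> [Ver = | Size = 12288 bytes | Created Date = 29.5.2007 21:10:00 | Attr = H]
"""

if __name__ == "__main__":
    for reason, where, size in first_look(SAMPLE_REPORT):
        print(f"{reason:35} {where}  ({size} bytes)")
```

A 108-byte .sys in %SystemRoot% with no version resource is not a driver that will load, but it is exactly the kind of leftover a helper asks about, and the same rule catches a real dropped DLL; an entry that has a vendor string is only as trustworthy as that string, since it comes from the file's own version resource and is not a signature check.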
I have to say separately that your instructions are very clear and good. They are a pleasure to read. Even a worse butterfingers than me could surely get their problem sorted with your instructions. Others should take a leaf out of your book. There, I've praised you now, but it is well deserved.
WinPFind3 logfile created on: 31.5.2007 18:44:59
WinPFind3U by OldTimer - Version 1.0.38   Folder = C:\winpind3u\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
511,48 Mb Total Physical Memory | 241,33 Mb Available Physical Memory | 47,18% Memory free
864,38 Mb Paging File | 610,50 Mb Available in Paging File | 70,63% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 4,01 Gb Free Space | 10,75% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 114,49 Gb Total Space | 23,77 Gb Free Space | 20,77% Space Free
Computer Name: YOUR-JDDID3DZXA
Current User Name: eero
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
avgnt.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.00.04.05 | Size = 327720 bytes | Modified Date = 20.4.2007 16:42:12 | Attr = ]
avguard.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.52 | Size = 204840 bytes | Modified Date = 20.4.2007 16:42:12 | Attr = ]
cthelper.exe -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 1 | Size = 24576 bytes | Modified Date = 28.8.2003 11:45:38 | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13.12.1999 1:01:00 | Attr = ]
infopenim.exe -> %UserDocuments%\Vastaanotetut tiedostot\InfoPenMSN\PRO\InfoPenIM.exe -> [Ver = | Size = 61440 bytes | Modified Date = 6.7.2004 9:50:20 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14.3.2007 3:43:44 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.13.10.4072 | Size = 65536 bytes | Modified Date = 27.9.2002 16:38:00 | Attr = ]
pdvdserv.exe -> F:\Ohjelmat\PowerDVD6\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 2.11.2004 20:24:46 | Attr = ]
sched.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.46 | Size = 57896 bytes | Modified Date = 20.4.2007 16:42:12 | Attr = ]
schedhlp.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,35 | Size = 65536 bytes | Modified Date = 9.6.2004 12:00:50 | Attr = ]
schedul2.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,35 | Size = 114688 bytes | Modified Date = 9.6.2004 12:00:50 | Attr = ]
smc.exe -> F:\Ohjelmat\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.3408 | Size = 2635472 bytes | Modified Date = 27.9.2005 12:16:00 | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.18 | Size = 47104 bytes | Modified Date = 10.2.2003 16:59:48 | Attr = ]
starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 1.4.2005 20:51:48 | Attr = ]
winpfind3u.exe -> %SystemDrive%\winpind3u\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 22.5.2007 18:27:40 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,35 | Size = 114688 bytes | Modified Date = 9.6.2004 12:00:50 | Attr = ]
(AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.46 | Size = 57896 bytes | Modified Date = 20.4.2007 16:42:12 | Attr = ]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.52 | Size = 204840 bytes | Modified Date = 20.4.2007 16:42:12 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> F:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28.9.2006 17:13:20 | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13.12.1999 1:01:00 | Attr = ]
(dmadmin) Loogisen levyn hallinnan valvontapalvelu [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 15.9.2004 2:12:02 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4.4.2005 0:41:10 | Attr = ]
(IOLO_SRV) iolo System Guard [Win32_Own | Auto | Stopped] -> -> File not found
(KPF4) Kerio Personal Firewall 4 [Win32_Own | Auto | Stopped] -> -> File not found
(NETDDEC) Network DDE Connections [Win32_Own | Auto | Stopped] -> -> File not found
(NMSAccess) NMSAccess [Win32_Own | Auto | Stopped] -> -> File not found
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.13.10.4072 | Size = 65536 bytes | Modified Date = 27.9.2002 16:38:00 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29.9.2004 12:14:36 | Attr = ]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> F:\Ohjelmat\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.3408 | Size = 2635472 bytes | Modified Date = 27.9.2005 12:16:00 | Attr = ]
(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 1.4.2005 20:51:48 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> F:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 7.10.2006 15:20:00 | Attr = ]
Acronis Scheduler2 Service -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,35 | Size = 65536 bytes | Modified Date = 9.6.2004 12:00:50 | Attr = ]
avgnt -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.00.04.05 | Size = 327720 bytes | Modified Date = 20.4.2007 16:42:12 | Attr = ]
CTHelper -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 1, 1 | Size = 24576 bytes | Modified Date = 28.8.2003 11:45:38 | Attr = ]
DU Meter -> %ProgramFiles%\DU Meter\DUMeter.exe -> Hagel Technologies [Ver = 3.05 Build 148 | Size = 1297920 bytes | Modified Date = 22.6.2003 16:38:30 | Attr = ]
InfoPenMSN -> %UserDocuments%\Vastaanotetut tiedostot\InfoPenMSN\PRO\InfoPenIM.exe -> [Ver = | Size = 61440 bytes | Modified Date = 6.7.2004 9:50:20 | Attr = ]
Jet Detection -> %ProgramFiles%\Creative\SBLive\Program\ADGJDet.exe -> [Ver = 1, 0, 2, 0 | Size = 28672 bytes | Modified Date = 29.11.2001 1:00:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.13.10.4072 | Size = 446464 bytes | Modified Date = 27.9.2002 16:38:00 | Attr = ]
RemoteControl -> F:\Ohjelmat\PowerDVD6\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 2.11.2004 20:24:46 | Attr = ]
SmcService -> F:\Ohjelmat\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.3408 | Size = 2635472 bytes | Modified Date = 27.9.2005 12:16:00 | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.18 | Size = 47104 bytes | Modified Date = 10.2.2003 16:59:48 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14.3.2007 3:43:44 | Attr = ]

< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->

< ICQ Agent [HKCU] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->

< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> F:\Ohjelmat\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28.9.2006 17:13:28 | Attr = ]
{a5780613-492e-4a2a-a7fd-549610edf6cc} [HKLM] -> [] -> File not found

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

< Winlogon settings [HKCU] > -> HKE{I}Y_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeAnimation -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStrCmpLogical -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{450D8FBA-AD25-11D0-98A8-0800361B1103} -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 ->

< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\NoResolveTrack -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSharedDocuments ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyDocs -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyPictures -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetHood -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideClock -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoManageMyComputerVerb -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuPinnedList -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMFUprogramsList -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoUserNameInStartMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\StartmenuLogoff -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuSubFolders -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCommonGroups -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoPrinterTabs -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDeletePrinter -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAddPrinter -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoPrinters -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetworkConnections -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFavoritesMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetFolders -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeStartMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoShellSearchButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeAnimation -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeKeyboardNavigationIndicators -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MemCheckBoxInRunDlg -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStrCmpLogical -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSecCpl -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCpl -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->

< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->

< Internet Explorer Settings >
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKLM: Search Page -> http://www.msn.com/access/allinone.asp ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.toggle.com/index.php?rvs=hompag ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> localhost ->

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> F:\Ohjelmat\Adobe Reader 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 3.11.2003 14:17:44 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14.3.2007 3:43:40 | Attr = ]
{E24AD748-155E-4254-B674-4EDF86E7E1DF} [HKLM] -> %ProgramFiles%\Acronis\PrivacyExpert\Pop-up Blocker.dll [CAdBlocker Object] -> Acronis [Ver = 1.0.0.1 | Size = 416032 bytes | Modified Date = 13.6.2004 17:45:46 | Attr = ]

< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{C44158E1-6121-2432-ABE6-FD53D6534DCB} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{C44158E1-6121-2432-ABE6-FD53D6534DCB} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{E6AE90A4-1B01-47F0-AA78-E6B122E145E9} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 14.3.2007 3:43:42 | Attr = ]

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
E&xport to Microsoft Excel -> -> File not found

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{19FC959F-CB1B-419B-8151-0560931535FD} -> (TW-IA300) ->
{C7F04EF4-529A-4045-B717-618E1FDFF78C} -> () ->

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> Creative Software AutoUpdate - CodeBase = http://www.creative.com/su/ocx/15026/CTSUEng.cab ->
{0B79F48A-E8D6-11DB-9283-E25056D89593} -> F-Secure Online Scanner 3.1 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
{2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab ->
{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} -> Java Plug-in 1.4.1_07 - CodeBase = http://java.sun.com/update/1.4.1/jinstall-1_4_1_07-windows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> Creative Software AutoUpdate Support Package - CodeBase = http://www.creative.com/su/ocx/15028/CTPID.cab ->
DirectAnimation Java Classes -> - CodeBase = ->
Microsoft XML Parser for Java -> - CodeBase = ->

[Files/Folders - Created Within 30 days]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 30.5.2007 23:57:39 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Created Date = 2.1.1601 22:00:00 | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 30.5.2007 13:43:54 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 30.5.2007 13:10:13 | Attr = ]
winpind3u -> %SystemDrive%\winpind3u -> [Folder | Created Date = 31.5.2007 17:41:21 | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87040 bytes | Created Date = 30.5.2007 13:55:06 | Attr = ]
CS-80V(10 voices).dll -> %SystemRoot%\CS-80V(10 voices).dll -> [Ver = | Size = 12550144 bytes | Created Date = 12.5.2007 21:59:56 | Attr = ]
ECA-CONFIG.DB -> %SystemRoot%\ECA-CONFIG.DB -> [Ver = | Size = 13 bytes | Created Date = 30.5.2007 9:31:16 | Attr = ]
ECADEMO.INI -> %SystemRoot%\ECADEMO.INI -> [Ver = | Size = 18 bytes | Created Date = 30.5.2007 9:31:16 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 30.5.2007 13:46:06 | Attr = ]
Eudcedit.ini -> %SystemRoot%\Eudcedit.ini -> [Ver = | Size = 144 bytes | Created Date = 26.5.2007 18:28:22 | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 30.5.2007 13:55:06 | Attr = ]
st32sys.sys -> %SystemRoot%\st32sys.sys -> [Ver = | Size = 108 bytes | Created 
Date = 10.5.2007 17:51:09 | Attr = ] stt_3.ini -> %SystemRoot%\stt_3.ini -> [Ver = | Size = 819 bytes | Created Date = 10.5.2007 17:51:35 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 28.5.2007 18:29:16 | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Created Date = 30.5.2007 13:56:42 | Attr = ] VRTECA.INI -> %SystemRoot%\VRTECA.INI -> [Ver = | Size = 931 bytes | Created Date = 30.5.2007 9:31:15 | Attr = ] VRTPDF.URL -> %SystemRoot%\VRTPDF.URL -> [Ver = | Size = 76 bytes | Created Date = 30.5.2007 9:42:19 | Attr = ] VRTSET.INI -> %SystemRoot%\VRTSET.INI -> [Ver = | Size = 240 bytes | Created Date = 30.5.2007 9:31:16 | Attr = ] ArtFfct.dll -> %System32%\ArtFfct.dll -> [Ver = 1, 0, 0, 1 | Size = 163840 bytes | Created Date = 12.5.2007 21:59:57 | Attr = ] Bwcc0007.dll -> %System32%\Bwcc0007.dll -> [Ver = | Size = 97072 bytes | Created Date = 30.5.2007 9:29:20 | Attr = ] Bwcc0009.dll -> %System32%\Bwcc0009.dll -> Borland International [Ver = 2.03 | Size = 96912 bytes | Created Date = 30.5.2007 9:29:20 | Attr = ] Bwcc000c.dll -> %System32%\Bwcc000c.dll -> [Ver = | Size = 96928 bytes | Created Date = 30.5.2007 9:29:20 | Attr = ] Bwcc0spa.dll -> %System32%\Bwcc0spa.dll -> [Ver = | Size = 96928 bytes | Created Date = 30.5.2007 9:29:20 | Attr = ] ECATECH2.TTF -> %System32%\ECATECH2.TTF -> [Ver = | Size = 151816 bytes | Created Date = 30.5.2007 9:31:16 | Attr = ] ECATECHI.TTF -> %System32%\ECATECHI.TTF -> [Ver = | Size = 95080 bytes | Created Date = 30.5.2007 9:31:23 | Attr = ] gnfwdrbp.ini2 -> %System32%\gnfwdrbp.ini2 -> [Ver = | Size = 1431757 bytes | Created Date = 14.5.2007 18:28:59 | Attr = HS] gvjghomf.ini -> %System32%\gvjghomf.ini -> [Ver = | Size = 1431401 bytes | Created Date = 11.5.2007 18:50:10 | Attr = HS] ihhkj.bak1 -> %System32%\ihhkj.bak1 -> [Ver = | Size = 691966 bytes | Created Date = 11.5.2007 18:47:08 | Attr = HS] ihhkj.bak2 -> %System32%\ihhkj.bak2 -> [Ver = | Size = 726663 bytes | Created Date = 12.5.2007 18:47:22 | Attr = HS] 
ihhkj.ini2 -> %System32%\ihhkj.ini2 -> [Ver = | Size = 777555 bytes | Created Date = 14.5.2007 15:33:33 | Attr = HS] iqaqsbco.ini -> %System32%\iqaqsbco.ini -> [Ver = | Size = 833161 bytes | Created Date = 18.5.2007 19:20:23 | Attr = HS] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 31.5.2007 16:32:14 | Attr = ] javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 31.5.2007 16:32:14 | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 31.5.2007 16:32:14 | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 31.5.2007 16:32:14 | Attr = ] mhqclqly.ini -> %System32%\mhqclqly.ini -> [Ver = | Size = 778232 bytes | Created Date = 21.5.2007 14:09:24 | Attr = HS] moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 30.5.2007 13:55:06 | Attr = ] sstwa.bak1 -> %System32%\sstwa.bak1 -> [Ver = | Size = 723219 bytes | Created Date = 18.5.2007 22:02:09 | Attr = HS] sstwa.bak2 -> %System32%\sstwa.bak2 -> [Ver = | Size = 725929 bytes | Created Date = 19.5.2007 22:04:25 | Attr = HS] sstwa.ini -> %System32%\sstwa.ini -> [Ver = | Size = 744693 bytes | Created Date = 18.5.2007 22:01:54 | Attr = HS] streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 26.5.2007 13:04:18 | Attr = R ] vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 30.5.2007 13:55:06 | Attr = ] vunqfoif.ini -> %System32%\vunqfoif.ini -> [Ver = | Size = 833161 bytes | Created Date = 19.5.2007 22:06:19 | Attr = HS] SSHDRV86.sys -> %System32%\drivers\SSHDRV86.sys -> [Ver = 86, 0, 0, 1128 | Size = 81408 bytes | Created Date = 30.5.2007 9:31:37 | Attr = ] [Files/Folders - Modified Within 30 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 
bytes | Modified Date = 29.5.2007 22:59:28 | Attr = RHS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 31.5.2007 17:32:20 | Attr = H ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 31.5.2007 0:57:40 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Modified Date = 31.5.2007 17:38:24 | Attr = HS] mirc -> %SystemDrive%\mirc -> [Folder | Modified Date = 7.5.2007 18:22:56 | Attr = ] plugin.ini -> %SystemDrive%\plugin.ini -> [Ver = | Size = 241 bytes | Modified Date = 12.5.2007 18:34:58 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 31.5.2007 18:26:54 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 30.5.2007 14:43:56 | Attr = ] unzipped -> %SystemDrive%\unzipped -> [Folder | Modified Date = 31.5.2007 17:35:06 | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 30.5.2007 14:30:14 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 31.5.2007 18:20:24 | Attr = ] winpind3u -> %SystemDrive%\winpind3u -> [Folder | Modified Date = 31.5.2007 18:41:22 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 10.5.2007 18:29:10 | Attr = R S] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87040 bytes | Modified Date = 22.5.2007 19:37:04 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 31.5.2007 18:20:24 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 31.5.2007 17:27:30 | Attr = S] ECA-CONFIG.DB -> %SystemRoot%\ECA-CONFIG.DB -> [Ver = | Size = 13 bytes | Modified Date = 30.5.2007 10:31:18 | Attr = ] ECADEMO.INI -> %SystemRoot%\ECADEMO.INI -> [Ver = | Size = 18 bytes | Modified Date = 30.5.2007 10:31:18 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 31.5.2007 0:58:08 | Attr = ] eSellerateEngine.dll -> %SystemRoot%\eSellerateEngine.dll -> eSellerate Inc. 
[Ver = 3.6.2.8 | Size = 356352 bytes | Modified Date = 27.5.2007 22:33:26 | Attr = ] Eudcedit.ini -> %SystemRoot%\Eudcedit.ini -> [Ver = | Size = 144 bytes | Modified Date = 26.5.2007 19:28:24 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 26.5.2007 19:28:10 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 9.5.2007 0:52:46 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10.5.2007 14:57:48 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 31.5.2007 17:32:20 | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 27.5.2007 21:59:12 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 10562 bytes | Modified Date = 28.5.2007 16:49:20 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 143 bytes | Modified Date = 23.5.2007 19:21:40 | Attr = ] Pex.INI -> %SystemRoot%\Pex.INI -> [Ver = | Size = 52 bytes | Modified Date = 15.5.2007 19:47:20 | Attr = ] @Alternate Data Stream - 36 bytes -> %SystemRoot%\Pex.INI:KAVICHS -> Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 31.5.2007 18:44:06 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 29.5.2007 22:40:24 | Attr = ] sierra.ini -> %SystemRoot%\sierra.ini -> [Ver = | Size = 327 bytes | Modified Date = 31.5.2007 18:18:54 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 28.5.2007 16:52:56 | Attr = ] st32sys.sys -> %SystemRoot%\st32sys.sys -> [Ver = | Size = 108 bytes | Modified Date = 10.5.2007 18:51:10 | Attr = ] stt_3.ini -> %SystemRoot%\stt_3.ini -> [Ver = | Size = 819 bytes | Modified Date = 10.5.2007 18:52:20 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 28.5.2007 19:29:18 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 30.5.2007 20:54:26 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 396 bytes | Modified Date = 29.5.2007 22:59:28 | Attr = ] 
system32 -> %System32% -> [Folder | Modified Date = 31.5.2007 17:32:16 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3.5.2007 14:44:52 | Attr = S] temp -> %SystemRoot%\temp -> [Folder | Modified Date = 31.5.2007 17:42:44 | Attr = ] ULead32.ini -> %SystemRoot%\ULead32.ini -> [Ver = | Size = 324 bytes | Modified Date = 15.5.2007 16:56:20 | Attr = ] uninstall -> %SystemRoot%\uninstall -> [Folder | Modified Date = 13.5.2007 13:11:16 | Attr = ] VRTECA.INI -> %SystemRoot%\VRTECA.INI -> [Ver = | Size = 931 bytes | Modified Date = 30.5.2007 10:41:14 | Attr = ] VRTPDF.URL -> %SystemRoot%\VRTPDF.URL -> [Ver = | Size = 76 bytes | Modified Date = 30.5.2007 10:42:20 | Attr = ] VRTSET.INI -> %SystemRoot%\VRTSET.INI -> [Ver = | Size = 240 bytes | Modified Date = 30.5.2007 10:31:18 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1614 bytes | Modified Date = 30.5.2007 10:31:18 | Attr = ] {00000000-00000000-00000009-00001102-00000002-80661102}.CDF -> %SystemRoot%\{00000000-00000000-00000009-00001102-00000002-80661102}.CDF -> [Ver = | Size = 3375239 bytes | Modified Date = 31.5.2007 17:36:48 | Attr = ] @Alternate Data Stream - 36 bytes -> %SystemRoot%\{00000000-00000000-00000009-00001102-00000002-80661102}.CDF:KAVICHS -> 1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 388 bytes | Modified Date = 25.5.2007 18:09:06 | Attr = ] Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 354 bytes | Modified Date = 31.5.2007 18:13:06 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 31.5.2007 17:38:28 | Attr = H ] BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000002-80661102}.rfx -> %System32%\BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000002-80661102}.rfx -> [Ver = | Size = 24144 bytes | Modified Date = 31.5.2007 17:37:22 | Attr = ] 
BMXCtrlState-{00000000-00000000-00000009-00001102-00000002-80661102}.rfx -> %System32%\BMXCtrlState-{00000000-00000000-00000009-00001102-00000002-80661102}.rfx -> [Ver = | Size = 24144 bytes | Modified Date = 31.5.2007 17:37:22 | Attr = ] BMXState-{00000000-00000000-00000009-00001102-00000002-80661102}.rfx -> %System32%\BMXState-{00000000-00000000-00000009-00001102-00000002-80661102}.rfx -> [Ver = | Size = 16376 bytes | Modified Date = 31.5.2007 17:37:22 | Attr = ] BMXStateBkp-{00000000-00000000-00000009-00001102-00000002-80661102}.rfx -> %System32%\BMXStateBkp-{00000000-00000000-00000009-00001102-00000002-80661102}.rfx -> [Ver = | Size = 16376 bytes | Modified Date = 31.5.2007 17:37:22 | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 10.5.2007 14:57:48 | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 31.5.2007 18:17:22 | Attr = ] config -> %System32%\config -> [Folder | Modified Date = 30.5.2007 14:46:44 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10.5.2007 18:50:24 | Attr = ] drivers -> %System32%\drivers -> [Folder | Modified Date = 30.5.2007 20:54:26 | Attr = ] DVCState-{00000000-00000000-00000009-00001102-00000002-80661102}.dat -> %System32%\DVCState-{00000000-00000000-00000009-00001102-00000002-80661102}.dat -> [Ver = | Size = 288 bytes | Modified Date = 31.5.2007 17:37:22 | Attr = ] DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80661102}.dat -> %System32%\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-80661102}.dat -> [Ver = | Size = 288 bytes | Modified Date = 31.5.2007 17:37:22 | Attr = ] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 294072 bytes | Modified Date = 30.5.2007 10:36:12 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\FNTCACHE.DAT:KAVICHS -> gnfwdrbp.ini2 -> %System32%\gnfwdrbp.ini2 -> [Ver = | Size = 1431757 bytes | Modified Date = 16.5.2007 19:30:04 | Attr = HS] gvjghomf.ini -> %System32%\gvjghomf.ini -> [Ver = | Size = 
1431401 bytes | Modified Date = 11.5.2007 21:01:44 | Attr = HS] ihhkj.bak1 -> %System32%\ihhkj.bak1 -> [Ver = | Size = 691966 bytes | Modified Date = 15.5.2007 19:49:10 | Attr = HS] ihhkj.bak2 -> %System32%\ihhkj.bak2 -> [Ver = | Size = 726663 bytes | Modified Date = 18.5.2007 14:54:20 | Attr = HS] ihhkj.ini2 -> %System32%\ihhkj.ini2 -> [Ver = | Size = 777555 bytes | Modified Date = 18.5.2007 22:46:14 | Attr = HS] iqaqsbco.ini -> %System32%\iqaqsbco.ini -> [Ver = | Size = 833161 bytes | Modified Date = 18.5.2007 20:20:28 | Attr = HS] mhqclqly.ini -> %System32%\mhqclqly.ini -> [Ver = | Size = 778232 bytes | Modified Date = 23.5.2007 15:11:10 | Attr = HS] settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 31.5.2007 17:37:22 | Attr = ] settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 31.5.2007 17:37:22 | Attr = ] sstwa.bak1 -> %System32%\sstwa.bak1 -> [Ver = | Size = 723219 bytes | Modified Date = 18.5.2007 23:02:10 | Attr = HS] sstwa.bak2 -> %System32%\sstwa.bak2 -> [Ver = | Size = 725929 bytes | Modified Date = 19.5.2007 23:04:26 | Attr = HS] sstwa.ini -> %System32%\sstwa.ini -> [Ver = | Size = 744693 bytes | Modified Date = 20.5.2007 18:50:20 | Attr = HS] streamhlp.dll -> %System32%\streamhlp.dll -> [Ver = | Size = 59392 bytes | Modified Date = 26.5.2007 14:04:28 | Attr = R ] vunqfoif.ini -> %System32%\vunqfoif.ini -> [Ver = | Size = 833161 bytes | Modified Date = 19.5.2007 23:06:24 | Attr = HS] etc -> %System32%\drivers\etc -> [Folder | Modified Date = 30.5.2007 14:51:38 | Attr = ] SSHDRV86.sys -> %System32%\drivers\SSHDRV86.sys -> [Ver = 86, 0, 0, 1128 | Size = 81408 bytes | Modified Date = 30.5.2007 10:31:38 | Attr = ] [File String Scan - Non-Microsoft Only] @Alternate Data Stream - 36 bytes -> %SystemDrive%\00007E00-3D75FD7D_Backup:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemDrive%\119190.jpg:KAVICHS -> @Alternate Data Stream - 36 bytes -> 
%SystemDrive%\Delapp.bat:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemDrive%\download2.gif:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemDrive%\FSIPFLTR.LOG:KAVICHS -> @Alternate Data Stream - 68 bytes -> %SystemDrive%\hg.txt:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemDrive%\otsahiukset.jpg:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\Audio Converter Uninstaller.exe:KAVICHS -> UPX! , UPX0 , -> %SystemRoot%\CleanUpUninstall.exe -> [Ver = | Size = 162304 bytes | Modified Date = 25.4.2005 16:34:58 | Attr = ] @Alternate Data Stream - 36 bytes -> %SystemRoot%\CTDCRES.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\CTDV10K1.CDF:KAVICHS -> UPX! , UPX0 , -> %SystemRoot%\daemon.dll -> [Ver = 3.41.0.0 | Size = 61952 bytes | Modified Date = 2.10.2003 3:20:48 | Attr = ] PEC2 , -> %SystemRoot%\Dotest.exe -> Sonbry Marketing International 813-661-4530 Contact John Bryson [Ver = 1.00.0019 | Size = 365056 bytes | Modified Date = 25.5.2002 17:28:42 | Attr = ] UPX! , UPX0 , -> %SystemRoot%\mpfClean.exe -> [Ver = | Size = 58368 bytes | Modified Date = 9.11.2003 4:00:02 | Attr = ] @Alternate Data Stream - 68 bytes -> %SystemRoot%\nsreg.dat:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\Pex.INI:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\SiSport.sys:KAVICHS -> @Alternate Data Stream - 68 bytes -> %SystemRoot%\SiSUSBrg.exe:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\SIS_LIB.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\SK24APRO.ini:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\SOUNDMAN.EXE:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\SysMech6.INI:KAVICHS -> UPX! , UPX0 , -> %SystemRoot%\unwash.exe -> [Ver = | Size = 44032 bytes | Modified Date = 11.12.2002 16:13:36 | Attr = ] UPX! , UPX0 , -> %SystemRoot%\Unwash6.exe -> Webroot Software, Inc. 
[Ver = 6.0.1.435 | Size = 57344 bytes | Modified Date = 25.7.2005 2:04:32 | Attr = ] @Alternate Data Stream - 68 bytes -> %SystemRoot%\Updreg.EXE:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\wiaservc.log:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\winamp.ini:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\winnt.bmp:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\winnt256.bmp:KAVICHS -> @Alternate Data Stream - 36 bytes -> %SystemRoot%\{00000000-00000000-00000009-00001102-00000002-80661102}.CDF:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\$winnt$.inf:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\12520437.cpx:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\12520850.cpx:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\32AlphaIcon.ocx:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\a15.tbl:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\a234.tbl:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\a3d.dll:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\AC3API.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\Ac3audio.ax:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\ALSNDMGR.CPL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\atmfd.dll:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\atmlib.dll:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\AudioHQU.cpl:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\CC3260MT.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\CmdLineExt03.dll:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\commonfx.dll:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\compmgmt.msc:KAVICHS -> UPX0 , -> %System32%\crashlog.tar.gz -> [Ver = | Size = 34627424 bytes | Modified Date = 30.9.2005 22:54:18 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\CT4MGM.SF2:KAVICHS -> @Alternate Data Stream - 68 bytes 
-> %System32%\CTAGENT.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\ctbasicw.dat:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\ctdaught.dat:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\CTDC0000.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\CTDC0001.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\CTDCIFCE.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\ctdlang.dat:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\CTDPROXY.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\CTHELPER.EXE:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\ctmp3.acm:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\CTOSUSER.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\ctsblfx.dll:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\CTSPKHLP.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\ctstatic.dat:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\CTSVCCDA.EXE:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\ctype.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\c_1250.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\c_1251.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\c_1252.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\c_1253.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\c_1255.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\c_1256.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\c_28591.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\c_850.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\c_874.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\c_932.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\c_936.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\c_949.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> 
%System32%\c_950.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\defrag.exe:KAVICHS -> UPX! , UPX0 , -> %System32%\devil.dll -> Abysmal Software [Ver = 1.6.5 | Size = 269312 bytes | Modified Date = 19.7.2002 19:05:08 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\dfrg.msc:KAVICHS -> PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41113 bytes | Modified Date = 16.9.2002 16:00:00 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\dfrgntfs.exe:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\dfrgres.dll:KAVICHS -> PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 1.2.2007 7:56:06 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\DivX412.dll:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\DivXAF.ax:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\dmadmin.exe:KAVICHS -> UPX! , UPX0 , -> %System32%\DVDAudio.ax -> Fraunhofer [Ver = 3.00.0804 | Size = 65536 bytes | Modified Date = 24.11.2001 21:31:48 | Attr = ] UPX! , UPX0 , -> %System32%\DVDVideo.ax -> Fraunhofer [Ver = 1.00.000 | Size = 86528 bytes | Modified Date = 24.11.2001 21:28:14 | Attr = ] @Alternate Data Stream - 68 bytes -> %System32%\DVobSub.ax:KAVICHS -> WSUD , -> %System32%\dwsock6.dll -> Desaware Inc. [Ver = 1.01.0005 | Size = 200704 bytes | Modified Date = 9.9.2002 18:50:44 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\EBPMON2.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\eventvwr.msc:KAVICHS -> UPX! 
, UPX0 , -> %System32%\EyeInstaller.exe -> [Ver = | Size = 11776 bytes | Modified Date = 28.8.2004 15:29:54 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\FNTCACHE.DAT:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\geo.nls:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\hpzsnt07.dll:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\huffyuv.dll:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\Iac25_32.ax:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\iccvid.dll:KAVICHS -> UPX! , UPX0 , -> %System32%\ilu.dll -> Abysmal Software [Ver = 1.6.5 | Size = 27648 bytes | Modified Date = 19.7.2002 19:06:02 | Attr = ] UPX! , UPX0 , -> %System32%\ilut.dll -> Abysmal Software [Ver = 1.6.5 | Size = 16384 bytes | Modified Date = 19.7.2002 19:06:42 | Attr = ] aspack , -> %System32%\Incinerator.dll -> [Ver = | Size = 1209344 bytes | Modified Date = 17.10.2005 5:52:02 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\ioloBootDefrag.cfg:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\javasup.vxd:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\l3codeca.acm:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\l3codecx.ax:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\lameACM.acm:KAVICHS -> aspack , -> %System32%\lame_enc.dll -> [Ver = | Size = 126464 bytes | Modified Date = 7.8.2003 14:01:52 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\lmpgspl.ax:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\locale.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\l_intl.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\MA3DBt6V.ocx:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\Malsctv6.ocx:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\mapidrv.dll:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\mapiicon.exe:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\Mp3cnfg.cpl:KAVICHS -> @Alternate 
Data Stream - 36 bytes -> %System32%\mpeg2Parser.ax:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\msdmo.dll:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\NeroCheck.exe:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\NeroCo.dll:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\noise.esn:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\oembios.bin:KAVICHS -> UPX0 , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 17.4.2002 8:42:34 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\oembios.dat:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\oembios.sig:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\oeminfo.ini:KAVICHS -> UPX! , aspack , SAHAgent , UPX0 , -> %System32%\pav.sig -> [Ver = | Size = 6240280 bytes | Modified Date = 13.7.2004 23:03:42 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\Pcdlib32.dll:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\PIAPROXY.DLL:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\RealMediaSplitter.ax:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\SBLive.ico:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\services.msc:KAVICHS -> aspack , -> %System32%\ShrLk21.dll -> [Ver = | Size = 160256 bytes | Modified Date = 12.9.2000 12:58:26 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\sl_anet.acm:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\sortkey.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\sorttbls.nls:KAVICHS -> UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27.4.2006 17:49:30 | Attr = ] UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 9.1.2006 10:36:06 | Attr = ] UPX! 
, UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 1.12.2006 6:20:34 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\TfmAudio.ax:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\tssoft32.acm:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\unicode.nls:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\vbalLBar6.ocx:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\VFCodec.dll:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\vobsub.dll:KAVICHS -> winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 16.9.2002 16:00:00 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\wpa.dbl:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\XercesLib.dll:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\xercesxmldom.dll:KAVICHS -> Thawte Consulting , -> %System32%\XMD5.dll -> Belus Technology Inc. [Ver = 1, 0, 0, 0 | Size = 78488 bytes | Modified Date = 6.10.2003 12:44:34 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\xvid.dll:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\xvidvfw.dll:KAVICHS -> WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 16.9.2002 16:00:00 | Attr = ] PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 4.8.2004 8:41:38 | Attr = ] @Alternate Data Stream - 36 bytes -> %System32%\drivers\AFS2K.SYS:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\ALCXWDM.SYS:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\amgm.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\ASPI32.SYS:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\BsStor.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\cdrbsvsd.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> 
%System32%\drivers\CoachUsb.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\CTAC32K.SYS:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\drivers\ctaud2k.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\ctdvda2k.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\ctljystk.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\ctoss2k.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\CTPRXY2K.SYS:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\CTSFM2K.SYS:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\dmboot.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\dmio.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\dmload.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\emupia2k.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\Entech.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\fwdrv.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\ha10kx2k.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\HAP16V2K.SYS:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\InCDfs.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\InCDpass.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\MARXDEV1.SYS:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\MARXDEV2.SYS:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\MARXDEV3.SYS:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\drivers\mmrtkrnl.sys:KAVICHS -> PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 4.8.2004 8:41:38 | Attr = ] @Alternate Data Stream - 68 bytes -> %System32%\drivers\pavdrv51.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\pfc.sys:KAVICHS 
-> @Alternate Data Stream - 36 bytes -> %System32%\drivers\PFMODNT.SYS:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\drivers\pnpshark.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\ptilink.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\secdrv.sys:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\drivers\snapman.sys:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\drivers\st3shark.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\Tsknf501.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\TWIn95a2.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\UNIDRV.SYS:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\drivers\xmasbus.sys:KAVICHS -> @Alternate Data Stream - 68 bytes -> %System32%\drivers\xmasscsi.sys:KAVICHS -> @Alternate Data Stream - 36 bytes -> %System32%\drivers\etc\services:KAVICHS -> < End of report >
Right, so from now on keep a closer eye on what kind of programs you install on the machine.

Stay clean

-> Clear System Restore (Instructions): Clear the System Restore folder and create a new restore point. This cleans the restore folder of any malware remnants.
-> Use CCleaner (CCleaner): Download and install CCleaner. Clean temporary files and folders with it regularly.
-> Install SpywareBlaster (SpywareBlaster): SpywareBlaster prevents malware from installing itself on your machine. Uses no memory! Guide available in Finnish (the guide by user Ad-Aware).
-> Install the MVPS Hosts file (MVPS Hosts): Blocks your machine from connecting to malicious sites. Guide available in Finnish (the guide by user Axel).
-> Switch your browser to Firefox (Firefox): Firefox is a faster, safer and better browser than Internet Explorer.
-> Keep your system up to date (Windows Update): Visit Windows Update regularly.
-> Keep your firewall and antivirus up to date: Update and scan your machine regularly with your antivirus program. eScan is good too: http://koti.mbnet.fi/pattaya1/escanmwav.htm
-> Keep your software up to date (Secunia Software Inspector): Secunia Software Inspector examines your system and software for missing security updates. A normal inspection usually takes 5-40 seconds, while a thorough system inspection can take several minutes.
-> Follow the Finnish Communications Regulatory Authority's bulletins on new vulnerabilities regularly (CERT-FI).

If you run into problems with malware in the future, don't hesitate to post a HijackThis log for checking!

=======

You can scan with this if you feel like it.

Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Double-click drweb-cureit.exe and let it do an express scan.
- It scans the running programs, and if something is found, click Yes when it asks whether you want to remove it. This is only a short scan.
- When the scan is finished, tick the drives you want to scan.
- Select all drives. A red dot shows which drives are selected.
- Click the green arrow on the right and the scan starts.
- Click 'Yes to all' if asked whether you want to delete/move a file.
- When the scan is finished, see whether you can click the Next icon next to the found files:
- If so, click it, then click the Next icon at the bottom right and choose Move incurable as in the picture below. This moves it to the %userprofile%\DoctorWeb\quarantine folder.
- After that, click File in the Dr.Web CureIt menu and choose Save report list.
- Save the report to the desktop. The report's name is DrWeb.csv.
- Close Dr.Web CureIt.
- Restart the machine!! This is because files that are in use are deleted/moved during the restart.
- After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.
Dr.Web CureIt log

mirc.exe C:\mirc\backup Program.mIRC.616 Incurable.Moved.
mirc.exe C:\Program Files\NoNameScript Program.mIRC.616 Incurable.Moved.
SAVEInst.exe C:\Program Files\Setup\URL2 Adware.SaveNow Incurable.Moved.
A0448808.dll C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3179 Trojan.Virtumod Deleted.
A0450024.dll C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3183 Trojan.Virtumod Deleted.
A0450718.exe C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3192 Trojan.Fakealert Deleted.
A0450719.exe C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3192 Trojan.DownLoader.13909 Deleted.
A0450720.exe C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3192 Trojan.DownLoader.13909 Deleted.
A0450721.exe C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3192 Program.mIRC.603 Incurable.Moved.
A0450864.exe C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3193 Tool.Prockill Incurable.Moved.
A0450866.exe C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3193 Tool.ShutDown.11 Incurable.Moved.
A0452232.dll C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3208 Trojan.Virtumod Deleted.
A0452234.dll C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3208 Trojan.Virtumod Deleted.
A0452239.dll C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3208 Trojan.Virtumod Deleted.
A0452240.dll C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3208 Trojan.Virtumod Deleted.
hggggfc.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
ssqolji.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
vturq.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
yayyxwv.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
Process.exe C:\WINDOWS\system32 Tool.Prockill Incurable.Moved.
mirc.exe F:\Ohjelmat\mIRC Program.mIRC.616 Incurable.Moved.
Security23.exe F:\Ohjelmat\security23 Probably BACKDOOR.Trojan Incurable.Moved.
A0453293.exe F:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3214 BackDoor.Pigeon.199 Deleted.
OK, that didn't find anything serious, just false positives and System Restore junk. Security23.exe F:\Ohjelmat\security23 Probably BACKDOOR.Trojan Incurable.Moved. That one is just a bit suspicious.
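The way the helper reads the Dr.Web log above (copies sitting in System Restore points and in a removal tool's backup folder are leftovers, riskware classes such as Program.mIRC and Tool.Prockill are tools the user installed on purpose, and a heuristic "Probably" verdict on a live file is the one to look at more closely) written out as a small triage script. This is an added example, not code from the thread or from Dr.Web. The sample lines are copied from the posted log in the space-separated form they appear in on the page; the real DrWeb.csv layout is not assumed. The action words Cured. and Moved. are assumed for completeness, and the category rules are the example's own.

```python
"""Triage a Dr.Web CureIt report the way a log helper reads it (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Actions Dr.Web CureIt writes at the end of a report line. "Deleted." and
# "Incurable.Moved." occur in the posted log; "Cured." and "Moved." are
# assumed here so other reports do not trip the parser.
ACTIONS = r"(Deleted\.|Incurable\.Moved\.|Cured\.|Moved\.)"

# name <ws> directory (may contain spaces) <ws> verdict <ws> action
# The directory is matched lazily, so the verdict is the last word (or
# "Probably <word>") before the action token.
LINE_RE = re.compile(r"^(\S+)\s+(.+?)\s+((?:Probably\s+)?\S+)\s+" + ACTIONS + r"$")

RESTORE_MARK = r"System Volume Information\_restore"


@dataclass
class Finding:
    name: str
    directory: str
    verdict: str
    action: str
    category: str


def classify(name, directory, verdict):
    """Category rules modelled on the helper's reading (this example's own rules)."""
    if RESTORE_MARK.lower() in directory.lower():
        # Copies System Restore kept of files that were already removed;
        # flushing System Restore clears them, they are not a live infection.
        return "restore-point copy"
    if name.lower().endswith(".bad") or "vundofix backups" in directory.lower():
        # Backups a removal tool kept of what it already took out.
        return "cleanup-tool backup"
    if verdict.startswith("Probably"):
        # Heuristic verdict on a live file: verify before acting on it.
        return "heuristic, verify"
    if verdict.startswith(("Program.", "Tool.")):
        # Dr.Web riskware classes: legitimate tools (IRC client, process
        # killer) the user may well have installed deliberately.
        return "riskware, likely intentional"
    return "live detection"


def parse_report(text):
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised report line: {line!r}")
        name, directory, verdict, action = m.groups()
        findings.append(Finding(name, directory, verdict, action,
                                classify(name, directory, verdict)))
    return findings


def summarize(findings):
    """Count of findings per category."""
    return dict(Counter(f.category for f in findings))


def needs_attention(findings):
    """Live files the helper would still look at: not explained by a restore
    point or a tool backup, and not plain riskware."""
    return [f for f in findings if f.category in ("live detection", "heuristic, verify")]


# Sample input: lines copied from the Dr.Web CureIt log posted in the thread.
SAMPLE_REPORT = r"""
mirc.exe C:\mirc\backup Program.mIRC.616 Incurable.Moved.
SAVEInst.exe C:\Program Files\Setup\URL2 Adware.SaveNow Incurable.Moved.
A0448808.dll C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3179 Trojan.Virtumod Deleted.
A0450718.exe C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3192 Trojan.Fakealert Deleted.
A0450864.exe C:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3193 Tool.Prockill Incurable.Moved.
vturq.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
Process.exe C:\WINDOWS\system32 Tool.Prockill Incurable.Moved.
Security23.exe F:\Ohjelmat\security23 Probably BACKDOOR.Trojan Incurable.Moved.
A0453293.exe F:\System Volume Information\_restore{D0639569-1C38-4FFE-9B80-8E3854F89A34}\RP3214 BackDoor.Pigeon.199 Deleted.
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for category, count in sorted(summarize(found).items()):
        print(f"{count:2d}  {category}")
    print("still worth a look:")
    for f in needs_attention(found):
        print(f"  {f.name}  ({f.verdict})  in {f.directory}")
```

The restore-point check runs first on purpose: a Tool.Prockill copy inside a restore point is a leftover, not a riskware install, so the directory decides before the verdict does. On the sample the script leaves two lines for a human: the Adware.SaveNow installer that was still on disk, and the heuristic verdict on Security23.exe that the helper also singled out.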
Yeah, you can really notice how much faster the machine is compared to before these "cleanup" operations. Now I have to watch that I don't install just anything on the machine.