Logfile of HijackThis v1.99.1 Scan saved at 21:00:18, on 25.6.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Drivers\trcboot.exe C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\C4ebreg\c4ebreg.exe c:\sdwork\issimsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\notes\ntmulti.exe C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\WINDOWS\system32\Drivers\ldlcserv.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\WINDOWS\system32\acs.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\C4ebreg\isamtray.exe C:\Program Files\IBM\Personal Communications\tpam.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Analog 
Devices\Core\smax4pnp.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\WINDOWS\system32\TpShocks.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.24\pmonmh.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE C:\Program Files\PC Connectivity Solution\NclBTHandler.exe C:\Documents and Settings\Administrator\services.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HijackThis_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elisa.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/download/standardsoftware/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - 
HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe" O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe" O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility" O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe" O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe" O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q O4 - HKLM\..\Run: 
[ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.24/pmonmh.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... 
- C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177392102734 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fi.ibm.com,ibm.com,bal.dk.ibm.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fi.ibm.com,ibm.com,bal.dk.ibm.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 
- Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe (file missing) O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe" -service (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing) O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\Program Files\C4ebreg\c4ebreg.exe O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: IBM Enterprise 
Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
1. Download combofix.exe to your desktop from either of these links: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note: Do not click on the ComboFix window while it is running. This may cause the program to hang.
"fi07628" - 2007-06-25 22:04:57 - ComboFix 07-06-25.3 - Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 ))))))))))))))))))))))))))))))) 2007-06-25 22:03 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-25 21:27 71,906 --a------ C:\DOCUME~1\ADMINI~1\call.exe 2007-06-25 20:59 <DIR> d-------- C:\HJT 2007-06-25 19:45 239,715 --a------ C:\DOCUME~1\ADMINI~1\services.exe 2007-06-12 10:47 <DIR> d-------- C:\Program Files\Pitaschio 2007-06-11 08:43 41,472 --a------ C:\WINDOWS\system32\DRVNPANT.DLL 2007-06-11 08:42 94,208 --a------ C:\WINDOWS\system32\LEXCFI.DLL 2007-06-11 08:42 41,984 --a------ C:\WINDOWS\system32\IIAAG1BJ.DLL 2007-06-11 08:42 167,936 --a------ C:\WINDOWS\system32\LexLog.dll 2007-06-11 08:42 106,496 --a------ C:\WINDOWS\system32\LEXDRVX.DLL 2007-06-07 16:45 21,120 --a------ C:\WINDOWS\system32\drivers\nchssvad.sys 2007-06-07 16:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NCH Swift Sound 2007-06-07 16:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound 2007-06-07 16:45 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\RecordPad 2007-06-07 16:45 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\NCH Swift Sound 2007-06-07 16:44 <DIR> d-------- C:\Program Files\NCH Swift Sound 2007-06-07 16:28 974,848 --a------ C:\WINDOWS\system32\mfc70.dll 2007-06-07 16:28 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll 2007-06-07 16:28 114,688 --a------ C:\WINDOWS\system32\real2mp3.dll 2007-06-01 10:06 <DIR> d-------- C:\Program Files\Open Contacts 2007-06-01 09:20 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\EssentialPIM 2007-06-01 09:19 <DIR> d-------- C:\Program Files\EssentialPIM 2007-05-31 09:57 <DIR> d-------- C:\Program Files\VertrigoServ 2007-05-31 09:42 <DIR> d-------- C:\Program Files\STS2Setup_1033 2007-05-30 13:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GlobalSCAPE 2007-05-30 13:03 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\GlobalSCAPE 2007-05-30 12:58 <DIR> d-------- C:\Program Files\GlobalSCAPE 
2007-05-30 12:41 <DIR> d-------- C:\WINDOWS\pss 2007-05-27 09:39 <DIR> d-------- C:\DOCUME~1\fi07628\APPLIC~1\IBMERS 2007-05-27 09:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\IBMERS 2007-05-26 11:12 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2020-02-17 19:53:24 98,304 ----a-w C:\WINDOWS\system32\TPMDDL.dll 2020-02-17 19:53:24 15,872 ----a-w C:\WINDOWS\system32\drivers\atmeltpm.sys 2015-04-12 04:06:12 23,552 ----a-w C:\WINDOWS\system32\PostProc.dll 2014-05-15 03:06:28 98,304 ----a-w C:\WINDOWS\system32\igfxtray.exe 2014-05-15 03:06:28 94,208 ----a-w C:\WINDOWS\system32\igfxext.exe 2014-05-15 03:06:28 899,706 ----a-w C:\WINDOWS\system32\ialmdd5.dll 2014-05-15 03:06:28 86,016 ----a-w C:\WINDOWS\system32\igfxdo.dll 2014-05-15 03:06:28 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe 2014-05-15 03:06:28 73,728 ----a-w C:\WINDOWS\system32\hccutils.dll 2014-05-15 03:06:28 61,440 ----a-w C:\WINDOWS\system32\iAlmCoIn_v4450.dll 2014-05-15 03:06:28 57,344 ----a-w C:\WINDOWS\system32\oemdspif.dll 2014-05-15 03:06:28 57,344 ----a-w C:\WINDOWS\system32\igfxsrvc.dll 2014-05-15 03:06:28 524,288 ----a-w C:\WINDOWS\system32\igldev32.dll 2014-05-15 03:06:28 49,152 ----a-w C:\WINDOWS\system32\ialmrem.dll 2014-05-15 03:06:28 450,560 ----a-w C:\WINDOWS\system32\igfxcfg.exe 2014-05-15 03:06:28 40,960 ----a-w C:\WINDOWS\system32\igfxexps.dll 2014-05-15 03:06:28 36,990 ----a-w C:\WINDOWS\system32\ialmrnt5.dll 2014-05-15 03:06:28 214,746 ----a-w C:\WINDOWS\system32\ialmdev5.dll 2014-05-15 03:06:28 2,310,144 ----a-w C:\WINDOWS\system32\iglicd32.dll 2014-05-15 03:06:28 159,744 ----a-w C:\WINDOWS\system32\igfxsrvc.exe 2014-05-15 03:06:28 147,456 ----a-w C:\WINDOWS\system32\igfxpph.dll 2014-05-15 03:06:28 135,168 ----a-w C:\WINDOWS\system32\igfxres.dll 2014-05-15 03:06:28 135,168 ----a-w C:\WINDOWS\system32\igfxdev.dll 2014-05-15 03:06:28 119,419 ----a-w 
C:\WINDOWS\system32\ialmdnt5.dll 2014-05-15 03:06:28 118,784 ----a-w C:\WINDOWS\system32\igfxpers.exe 2014-05-15 03:06:28 114,688 ----a-w C:\WINDOWS\system32\igfxzoom.exe 2014-05-15 03:06:28 1,503,232 ----a-w C:\WINDOWS\system32\igfxress.dll 2014-05-15 03:06:28 1,354,620 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys 2008-09-15 00:41:24 21,504 ----a-w C:\WINDOWS\system32\NicCo.dll 2007-11-24 14:03:32 176,128 ----a-w C:\WINDOWS\system32\drivers\ADIHdAud.sys 2007-06-25 18:30:09 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-25 18:23:49 -------- d-----w C:\Program Files\C4ebreg 2007-06-25 18:22:45 40 ----a-w C:\WINDOWS\system32\profile.dat 2007-06-25 12:27:21 -------- d-----w C:\Program Files\KeePass Password Safe 2007-06-11 05:42:27 -------- d-----w C:\Program Files\IBM 2007-06-08 15:55:52 -------- d-----w C:\Program Files\AT&T Network Client 2007-06-07 13:25:31 -------- d-----w C:\Program Files\CDex_170b2 2007-05-30 10:10:35 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-22 10:50:08 53,968 ----a-w C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT 2007-05-17 17:36:32 61,440 ----a-w C:\WINDOWS\isamunin.exe 2007-05-17 17:24:45 7,012 ------w C:\WINDOWS\system32\drivers\PMEMNT.SYS 2007-05-15 05:29:39 -------- d-----w C:\Program Files\RegToy 2007-05-14 07:43:57 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Thunderbird 2007-05-14 07:42:58 -------- d-----w C:\Program Files\Mozilla Thunderbird 2007-05-06 05:53:14 -------- d-----w C:\Program Files\WinTricks v5.0a 2007-05-04 08:10:44 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Brother 2007-05-04 05:20:40 -------- d-----w C:\Program Files\HySnapDX 2007-05-04 05:19:29 2,468 ----a-w C:\WINDOWS\UnHSDX.bat 2007-05-03 17:58:07 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Nokia 2007-05-03 15:37:06 -------- d-----w C:\Program Files\Common Files\Nokia 2007-05-03 15:37:05 -------- d-----w C:\Program Files\Nokia 2007-05-03 15:22:13 -------- d-----w 
C:\DOCUME~1\ADMINI~1\APPLIC~1\Nokia Multimedia Player 2007-05-03 15:14:38 -------- d-----w C:\Program Files\Common Files\PCSuite 2007-05-03 15:13:42 -------- d-----w C:\Program Files\PC Connectivity Solution 2007-05-03 15:05:37 -------- d-----w C:\Program Files\DIFX 2007-05-03 15:05:01 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\PC Suite 2007-05-03 12:29:27 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Real 2007-05-03 12:27:14 1,916 ----a-w C:\WINDOWS\mozver.dat 2007-05-03 12:24:00 -------- d-----w C:\Program Files\Common Files\xing shared 2007-05-03 12:23:56 -------- d-----w C:\Program Files\Common Files\Real 2007-05-03 12:23:35 -------- d-----w C:\Program Files\Real 2007-04-26 18:24:05 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead 2007-04-24 09:55:11 796,672 ----a-w C:\WINDOWS\GPInstall.exe 2007-04-23 16:43:53 0 ----a-w C:\WINDOWS\nsreg.dat 2007-04-12 11:08:00 52 ----a-w C:\WINDOWS\system32\rto.bat 2007-03-29 13:12:48 115,880 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-03-29 13:12:44 2,336,424 ----a-w C:\WINDOWS\system32\AS_Storage.dll 2007-03-29 13:12:44 114,856 ------w C:\WINDOWS\system32\pxcpyi64.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISAM SMT Service"="C:\Program Files\C4ebreg\isamsmt.exe" [] "ISAMTray"="C:\Program Files\C4ebreg\isamtray.exe" [2007-05-17 20:36] "stgclean"="c:\sdwork\w32main2.exe" [2007-06-12 17:27] "Tpam.exe"="C:\Program Files\IBM\Personal Communications\tpam.exe" [2005-09-06 12:07] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [1951-09-05 02:20] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 
03:00] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 03:00] "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 03:00] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 03:00] "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-26 03:00] "ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 16:09] "ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 15:59] "TpShocks"="TpShocks.exe" [2006-03-15 22:04 C:\WINDOWS\system32\TpShocks.exe] "TP4EX"="tp4ex.exe" [2005-10-17 04:11 C:\WINDOWS\system32\TP4EX.exe] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 01:00] "ipmcmu"="c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe" [2007-04-23 20:30] "MyHelpService"="C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe" [2006-12-19 13:44] "PSQLLauncher"="C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" [] "ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2007-06-12 09:25] "C4EBReg"="C:\Program Files\C4ebreg\c4ebreg.exe" [2007-05-17 20:36] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 22:26] "vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 23:33] "pmonmh"="C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.24/pmonmh.exe" [2007-05-02 18:38] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rainlendar2"="C:\Program 
Files\Rainlendar2\Rainlendar2.exe" [2007-04-15 09:31] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoStartMenuMFUprogramsList"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"=1 (0x1) "NoStartMenuMFUprogramsList"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok] atmgrtok.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst] pcsinst.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ Contents of the 'Scheduled Tasks' folder 2007-06-25 18:51:01 C:\WINDOWS\tasks\At1.job 2007-06-25 18:27:37 C:\WINDOWS\tasks\PMTask.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-25 22:06:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run ipmcmu = c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"?run key ipmcmu was set successfully?run key ipmcmu was not set successfully?Error, Windows run key not found?The service "Task Scheduler" is not ru scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}] Completion time: 2007-06-25 22:07:13 --- E O F ---
Download Killbox by Option^Explicit. Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.
[*] Save it to your desktop.
[*] Double-click Killbox.exe to run the program.
[*] Select Delete on Reboot, then click the All Files option.
[*] Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\Documents and Settings\Administrator\services.exe
C:\WINDOWS\isamunin.exe
[*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.
[*] Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let the fixer know if one of these comes up!).
Restart your computer yourself if it does not restart automatically.
If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.
========
Kaspersky online scanner
Scan your computer with the Kaspersky Online Scanner. You will be asked whether to allow an ActiveX component from Kaspersky to be installed; click Yes.
[*] The program starts and begins downloading the latest definition files.
[*] When the scanner is installed and the definitions are downloaded, click Next.
[*] Now click the settings, Scan Settings.
[*] Check that the following are selected in the settings:
o Scan using the following Anti-Virus database:
+ Extended (if available, otherwise select Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
[*] Click OK.
[*] Now, under the "select a target to scan" heading, choose My Computer.
[*] The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
[*] Now click the Save as Text button.
[*] Save the file to your desktop.
[*] Copy and paste the contents of the file into your next reply.
Also a new HijackThis log!
------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Tuesday, June 26, 2007 4:21:48 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 26/06/2007 Kaspersky Anti-Virus database records: 353533 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ F:\ Scan Statistics: Total number of scanned objects: 90538 Number of viruses found: 6 Number of infected objects: 18 Number of suspicious objects: 0 Duration of the scan process: 01:05:32 Infected Object Name / Virus Name / Last Action C:\!KillBox\services.exe Infected: Trojan.Win32.Autoit.am skipped C:\Documents and Settings\Administrator\.rainlendar2\rainlendar2.log Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cert8.db Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\history.dat Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\key3.db Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\parent.lock Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\search.sqlite Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\Administrator\call.exe/data0002 Infected: Trojan.Win32.Agent.apt skipped C:\Documents and Settings\Administrator\call.exe/data0003 Infected: 
Trojan-Downloader.Win32.Agent.bls skipped C:\Documents and Settings\Administrator\call.exe NSIS: infected - 2 skipped C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{B1373666-81B2-4C18-9E4D-1E6C37297039}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{B1373666-81B2-4C18-9E4D-1E6C37297039}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\javasharedresources\C230D1A32_IBMSDP_G01 Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\Cache\4C89847Fd01 Infected: Backdoor.Win32.MSNMaker.ag skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\Cache\B794989Dd01 Infected: Backdoor.Win32.MSNMaker.ag skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application 
Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007062620070627\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temp\~DF507C.tmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temp\~DF93DE.tmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\My Documents\My Received Files\lcapi0.log Object is locked skipped C:\Documents and Settings\Administrator\My Documents\My Received Files\MsnMsgr.txt Object is locked skipped C:\Documents and Settings\Administrator\My Documents\My Received Files\Transport0.log Object is locked skipped C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped C:\Documents and 
Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D340000\4FB40963.VBN Infected: Trojan.Win32.Agent.apt skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D340001\4FB40A64.VBN Infected: Trojan.Win32.Agent.apt skipped C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Client Firewall\System.log Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\notes\data\IBM_TECHNICAL_SUPPORT\console.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log 
Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped C:\Program Files\Common 
Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped C:\Program Files\IBM\My Help\configuration\org.eclipse.core.runtime\.manager\.tmp62074.instance Object is locked skipped C:\Program Files\IBM\My Help\configuration\org.eclipse.osgi\.manager\.tmp62073.instance Object is locked skipped C:\Program Files\IBM\My Help\configuration\org.eclipse.update\.lock Object is locked skipped C:\Program Files\IBM\My Help\derby.log Object is locked skipped C:\Program Files\IBM\My Help\workspace\.metadata\.lock Object is locked skipped C:\Program Files\IBM\My Help\workspace\log\MyHelp.log Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\db.lck Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\log\log4.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c10.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c121.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c130.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c141.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c20.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c200.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c211.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c290.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c2c1.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c2d0.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c2e1.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c51.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c540.dat Object is locked 
skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c551.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c560.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c570.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c581.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c590.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c5a0.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c5b0.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c5c1.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c60.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c640.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c651.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c660.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c671.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c680.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c691.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c6a0.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c6b1.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c71.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c740.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c7b0.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c7e0.dat Object is locked skipped C:\Program Files\IBM\My 
Help\workspace\MyHelpDatabase\seg0\c7f1.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c810.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c820.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c831.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c860.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c871.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c90.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c9e0.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\c9f0.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\ca1.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\ca30.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\ca70.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\ca80.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\ca90.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\caa0.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\cab0.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\cb00.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\cb10.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\cb20.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\cb31.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\cc0.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\cd1.dat Object 
is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\ce1.dat Object is locked skipped C:\Program Files\IBM\My Help\workspace\MyHelpDatabase\seg0\cf0.dat Object is locked skipped C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT\0104NAV~.TMP Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP118\A0012719.com Infected: Backdoor.Win32.MSNMaker.ag skipped C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP118\A0012747.exe Infected: Trojan.Win32.Autoit.am skipped C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP118\A0012763.exe Infected: Trojan.Win32.Autoit.am skipped C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP119\A0012768.rbf Infected: Backdoor.Win32.MSNMaker.ag skipped C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP122\A0013273.exe Infected: Trojan.Win32.Autoit.am skipped C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP122\change.log Object is locked skipped C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP62\A0005722.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP62\A0005723.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP62\A0005737.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP62\A0005737.exe RAR: infected - 1 skipped C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP64\A0005838.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped C:\WINDOWS\CSC\00000001 Object is locked skipped 
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\profile.dat Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped 
C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. Logfile of HijackThis v1.99.1 Scan saved at 16:24:46, on 26.6.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Drivers\trcboot.exe C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\C4ebreg\c4ebreg.exe c:\sdwork\issimsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\notes\ntmulti.exe C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\WINDOWS\system32\Drivers\ldlcserv.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\WINDOWS\system32\acs.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\C4ebreg\isamtray.exe C:\Program Files\IBM\Personal 
Communications\tpam.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\WINDOWS\system32\TpShocks.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.24\pmonmh.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE C:\Program Files\PC Connectivity Solution\NclBTHandler.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT\HijackThis_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elisa.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/download/standardsoftware/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - 
BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe" O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe" O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility" O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe" O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe" O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.24/pmonmh.exe O4 - HKLM\..\Run: 
[BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... 
- C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1182804074296 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182804053421 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fi.ibm.com,ibm.com,bal.dk.ibm.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fi.ibm.com,ibm.com,bal.dk.ibm.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll O20 - Winlogon Notify: 
WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe (file missing) O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe" -service (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing) O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services 
- C:\Program Files\C4ebreg\c4ebreg.exe O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. 
- C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
Download Killbox by Option^Explicit.

Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.

* Save it to your desktop.
* Double-click Killbox.exe to run the program.
* Select: Delete on Reboot, then click the All Files option.
* Copy and paste the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Documents and Settings\Administrator\call.exe

* Return to Killbox, go to the File menu, and choose Paste from Clipboard.
* Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let your helper know if one of these appears!).

Restart your computer yourself if it does not do so automatically.

If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.

======

Download WinPFind3 http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe to your desktop and double-click the exe to extract it. A folder named WinPFind3u will be created on your desktop.

* Open the WinPFind3u folder and double-click WinPFind3U.exe to start the program.
  o Under Files Created Within, click 30 days
  o Under Files Modified Within, click 30 days
  o Under File String Search, click Non-Microsoft
* Now click the Run Scan button on the toolbar.
* When the scan is complete, the report opens in Notepad.
* Click Format and make sure Word Wrap is not checked. If it is, uncheck it.

Post the log in your next reply. You may need several replies for it so that it is not cut off.
PART 1/2
WinPFind3 logfile created on: 26.6.2007 20:45:10 WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind3u\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 6.0.2900.2180) 1014,36 Mb Total Physical Memory | 476,71 Mb Available Physical Memory | 47,00% Memory free 2,38 Gb Paging File | 1,93 Gb Available in Paging File | 81,16% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 93,16 Gb Total Space | 64,85 Gb Free Space | 69,61% Space Free D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: L3GWC85-1951BY8 Current User Name: fi07628 Logged in as Administrator. Current Boot Mode: Normal [Processes - Non-Microsoft Only] acprfmgrsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 17.4.2006 16:12:26 | Attr = ] acs.exe -> %System32%\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 8.11.2005 19:07:02 | Attr = ] acsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4, 11, 0, 0 | Size = 151552 bytes | Modified Date = 17.4.2006 16:12:28 | Attr = ] actray.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4, 11, 0, 0 | Size = 409600 bytes | Modified Date = 17.4.2006 16:09:10 | Attr = ] acwlicon.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4, 11, 0, 0 | Size = 98304 bytes | Modified Date = 17.4.2006 15:59:10 | Attr = ] btstac~1.exe -> %ProgramFiles%\ThinkPad\Bluetooth Software\BTStackServer.exe -> Broadcom Corporation. [Ver = 5.0.1.3200 | Size = 1376340 bytes | Modified Date = 1.8.2006 22:23:52 | Attr = ] bttray.exe -> %ProgramFiles%\ThinkPad\Bluetooth Software\BTTray.exe -> Broadcom Corporation. 
[Ver = 5.0.1.3200 | Size = 622653 bytes | Modified Date = 1.8.2006 22:25:16 | Attr = ] btwdins.exe -> %ProgramFiles%\ThinkPad\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.3200 | Size = 266295 bytes | Modified Date = 1.8.2006 22:18:00 | Attr = ] c4ebreg.exe -> %ProgramFiles%\C4ebreg\c4ebreg.exe -> IBM Global Services [Ver = 6.30 | Size = 331776 bytes | Modified Date = 17.5.2007 20:36:20 | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 19.7.2006 22:26:04 | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 19.7.2006 22:26:06 | Attr = ] ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 202400 bytes | Modified Date = 19.7.2006 22:26:10 | Attr = ] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 19.7.2006 22:26:12 | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 27.9.2006 23:33:22 | Attr = ] delaystart.exe -> %ProgramFiles%\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe -> [Ver = | Size = 81920 bytes | Modified Date = 19.12.2006 13:44:04 | Attr = ] hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 155648 bytes | Modified Date = 26.2.2007 18:34:28 | Attr = ] ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> [File Corrupted - Detail Data unreadable] igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 131072 bytes | Modified Date = 26.2.2007 18:33:56 | Attr = ] igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 245760 bytes | 
Modified Date = 26.2.2007 18:33:46 | Attr = ] igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 131072 bytes | Modified Date = 26.2.2007 18:34:28 | Attr = ] isamtray.exe -> %ProgramFiles%\C4ebreg\isamtray.exe -> IBM Global Services [Ver = 6.30 | Size = 237568 bytes | Modified Date = 17.5.2007 20:36:30 | Attr = ] issimsvc.exe -> %SystemDrive%\sdwork\issimsvc.exe -> IBM Global Services [Ver = 2.15 | Size = 204800 bytes | Modified Date = 12.6.2007 9:25:00 | Attr = ] issvc.exe -> %ProgramFiles%\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -> Symantec Corporation [Ver = 8.7.4.97 | Size = 87728 bytes | Modified Date = 27.9.2006 17:14:44 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14.3.2007 3:43:44 | Attr = ] launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 83, 75, 3 | Size = 227328 bytes | Modified Date = 23.3.2007 13:20:52 | Attr = ] ldlcserv.exe -> %System32%\drivers\ldlcserv.exe -> IBM Corporation [Ver = 5070.10.5249.773 | Size = 28672 bytes | Modified Date = 6.9.2005 12:07:18 | Attr = ] myhelpservice.exe -> %ProgramFiles%\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe -> [Ver = | Size = 81920 bytes | Modified Date = 11.12.2006 10:48:42 | Attr = ] nclbthandler.exe -> %ProgramFiles%\PC Connectivity Solution\NclBTHandler.exe -> Nokia [Ver = 6, 83, 7, 0 | Size = 86016 bytes | Modified Date = 15.2.2007 17:29:44 | Attr = ] netcfgsv.exe -> %ProgramFiles%\AT&T Network Client\NetCfgSv.EXE -> AT&T [Ver = 5.09.2 | Size = 94208 bytes | Modified Date = 1.3.2004 8:00:00 | Attr = ] nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 2,0,5,0 | Size = 153136 bytes | Modified Date = 12.3.2007 13:49:26 | Attr = ] nmindexingservice.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 
2,0,5,0 | Size = 271920 bytes | Modified Date = 12.3.2007 13:49:46 | Attr = ] nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 2,0,5,0 | Size = 1209904 bytes | Modified Date = 12.3.2007 13:49:46 | Attr = ] ntmulti.exe -> %SystemDrive%\notes\ntmulti.exe -> IBM Corp [Ver = 7.0.00.5226 | Size = 53248 bytes | Modified Date = 15.8.2005 8:40:28 | Attr = ] pcs_agnt.exe -> %ProgramFiles%\IBM\Personal Communications\PCS_AGNT.EXE -> IBM Corporation [Ver = 5070.10.5249.773 | Size = 36864 bytes | Modified Date = 6.9.2005 12:07:18 | Attr = ] pmonmh.exe -> %ProgramFiles%\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.24\pmonmh.exe -> [Ver = | Size = 188416 bytes | Modified Date = 2.5.2007 18:38:44 | Attr = ] rainlendar2.exe -> %ProgramFiles%\Rainlendar2\Rainlendar2.exe -> [Ver = 2, 1, 0, 0 | Size = 1291264 bytes | Modified Date = 15.4.2007 9:31:34 | Attr = ] reader_sl.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11.5.2007 3:06:32 | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 27.9.2006 23:33:32 | Attr = ] servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. 
[Ver = 6, 83, 78, 3 | Size = 292864 bytes | Modified Date = 26.3.2007 13:06:24 | Attr = ] smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> [File Corrupted - Detail Data unreadable] sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 7.8.2006 19:03:02 | Attr = ] spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 11.4.2006 20:13:38 | Attr = ] svcguihlpr.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe -> Lenovo [Ver = 4, 11, 0, 0 | Size = 94208 bytes | Modified Date = 17.4.2006 16:13:00 | Attr = ] symsport.exe -> %ProgramFiles%\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -> Symantec Corporation [Ver = 8.7.4.97 | Size = 173744 bytes | Modified Date = 27.9.2006 17:15:56 | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 512000 bytes | Modified Date = 14.2.2006 3:00:00 | Attr = ] syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 110592 bytes | Modified Date = 14.2.2006 3:00:00 | Attr = ] tpam.exe -> %ProgramFiles%\IBM\Personal Communications\tpam.exe -> [Ver = | Size = 28672 bytes | Modified Date = 6.9.2005 12:07:18 | Attr = ] tphdexlg.exe -> %System32%\TPHDEXLG.exe -> Lenovo. 
[Ver = 1.40 | Size = 77824 bytes | Modified Date = 20.6.2005 15:15:00 | Attr = ] tphkmgr.exe -> %ProgramFiles%\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 25.7.2006 3:00:00 | Attr = ] tpkmpsvc.exe -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 7.6.2005 0:26:22 | Attr = ] tponscr.exe -> %ProgramFiles%\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe -> [Ver = | Size = 77824 bytes | Modified Date = 5.7.2005 3:00:00 | Attr = ] tpscrex.exe -> %ProgramFiles%\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe -> Lenovo Group Limited [Ver = 1.17 | Size = 86016 bytes | Modified Date = 30.5.2006 3:00:00 | Attr = ] tpshocks.exe -> %System32%\TpShocks.exe -> Lenovo, Ltd. and IBM Corporation. [Ver = 1, 4, 1, 0 | Size = 106496 bytes | Modified Date = 15.3.2006 22:04:48 | Attr = ] trcboot.exe -> %System32%\drivers\trcboot.exe -> IBM Corporation [Ver = 5070.10.5249.773 | Size = 28672 bytes | Modified Date = 6.9.2005 12:07:18 | Attr = ] vptray.exe -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 27.9.2006 23:33:44 | Attr = ] winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 23.6.2007 15:15:54 | Attr = ] [Win32 Services - Non-Microsoft Only] (AcPrfMgrSvc) Ac Profile Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 17.4.2006 16:12:26 | Attr = ] (ACS) ACU Configuration Service [Win32_Own | On_Demand | Running] -> %System32%\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 8.11.2005 19:07:02 | Attr = ] (AcSvc) Access Connections Main Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4, 11, 0, 0 | Size = 151552 bytes | Modified Date = 17.4.2006 16:12:28 | Attr = ] (AppnNode) AppnNode [Win32_Own | 
On_Demand | Stopped] -> %System32%\drivers\appnnode.exe -> IBM Corporation [Ver = 5070.10.5249.773 | Size = 32768 bytes | Modified Date = 6.9.2005 12:07:18 | Attr = ] (artstartsvc) IBM Mobility Client Start Utility [Win32_Own | Auto | Stopped] -> %ProgramFiles%\IBM\Mobility Client\artstartsvc.exe -> File not found (BroadWaveService) BroadWave Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\NCH Swift Sound\BroadWave\broadwave.exe -> [Ver = | Size = 401412 bytes | Modified Date = 7.6.2007 16:45:22 | Attr = ] (btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.3200 | Size = 266295 bytes | Modified Date = 1.8.2006 22:18:00 | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 19.7.2006 22:26:06 | Attr = ] (ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 202400 bytes | Modified Date = 19.7.2006 22:26:10 | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 19.7.2006 22:26:12 | Attr = ] (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 27.9.2006 23:33:22 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4.8.2004 8:00:00 | Attr = ] (gusvc) Google Updater Service [Win32_Own | 
On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 4.1.2007 4:40:22 | Attr = ] (IBMPMSVC) ThinkPad PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> [File Corrupted - Detail Data unreadable] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (ISAMsmt) ISAM SMT Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\C4ebreg\isamsmt.exe -> File not found (ISAMSvc) IBM Standard Asset Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\C4ebreg\c4ebreg.exe -> IBM Global Services [Ver = 6.30 | Size = 331776 bytes | Modified Date = 17.5.2007 20:36:20 | Attr = ] (ISSIMon) ISSI EZUpdate [Win32_Own | Auto | Running] -> %SystemDrive%\sdwork\issimsvc.exe -> IBM Global Services [Ver = 2.15 | Size = 204800 bytes | Modified Date = 12.6.2007 9:25:00 | Attr = ] (ISSVC) IS Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -> Symantec Corporation [Ver = 8.7.4.97 | Size = 87728 bytes | Modified Date = 27.9.2006 17:14:44 | Attr = ] (ldlcserv) IBM Enterprise Extender [Win32_Own | Auto | Running] -> %System32%\drivers\ldlcserv.exe -> IBM Corporation [Ver = 5070.10.5249.773 | Size = 28672 bytes | Modified Date = 6.9.2005 12:07:18 | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 23.2.2006 14:41:04 | Attr = ] (Multi-user Cleanup Service) Multi-user Cleanup Service [Win32_Own | Auto | Running] -> %SystemDrive%\notes\ntmulti.exe -> IBM Corp [Ver = 7.0.00.5226 | Size = 53248 bytes | Modified Date = 15.8.2005 8:40:28 | Attr = ] (MyHelp) My Help [Win32_Own | Auto | Running] -> %ProgramFiles%\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe -> [Ver = | Size = 81920 bytes | 
Modified Date = 11.12.2006 10:48:42 | Attr = ] (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 2 | Size = 779824 bytes | Modified Date = 14.3.2007 19:19:10 | Attr = ] (NetCfgSvr) Network Configuration Service [Win32_Own | Auto | Running] -> %ProgramFiles%\AT&T Network Client\NetCfgSv.EXE -> AT&T [Ver = 5.09.2 | Size = 94208 bytes | Modified Date = 1.3.2004 8:00:00 | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,5,0 | Size = 271920 bytes | Modified Date = 12.3.2007 13:49:46 | Attr = ] (SavRoam) SavRoam [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> File not found (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 83, 78, 3 | Size = 292864 bytes | Modified Date = 26.3.2007 13:06:24 | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 7.8.2006 19:03:02 | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 11.4.2006 20:13:38 | Attr = ] (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 27.9.2006 23:33:32 | Attr = ] (SymSecurePort) Symantec SecurePort [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -> Symantec Corporation [Ver = 8.7.4.97 | Size = 173744 bytes | Modified Date = 27.9.2006 17:15:56 | 
Attr = ] (TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Win32_Own | Auto | Running] -> %System32%\TPHDEXLG.exe -> Lenovo. [Ver = 1.40 | Size = 77824 bytes | Modified Date = 20.6.2005 15:15:00 | Attr = ] (TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 7.6.2005 0:26:22 | Attr = ] (TrcBoot) IBM Trace Facility [Win32_Own | Auto | Running] -> %System32%\drivers\trcboot.exe -> IBM Corporation [Ver = 5070.10.5249.773 | Size = 28672 bytes | Modified Date = 6.9.2005 12:07:18 | Attr = ] (WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [Ver = 12.0.1202.0516 | Size = 228208 bytes | Modified Date = 16.5.2007 13:48:56 | Attr = ]
PART 2/2
[Registry - Non-Microsoft Only] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ACTray -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4, 11, 0, 0 | Size = 409600 bytes | Modified Date = 17.4.2006 16:09:10 | Attr = ] ACWLIcon -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4, 11, 0, 0 | Size = 98304 bytes | Modified Date = 17.4.2006 15:59:10 | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11.5.2007 3:06:32 | Attr = ] BLOG -> %ProgramFiles%\ThinkPad\Utilities\BATLOGEX.DLL [rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog] -> [Ver = | Size = 208896 bytes | Modified Date = 26.5.2006 3:00:00 | Attr = ] C4EBReg -> %ProgramFiles%\C4ebreg\c4ebreg.exe -> IBM Global Services [Ver = 6.30 | Size = 331776 bytes | Modified Date = 17.5.2007 20:36:20 | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 19.7.2006 22:26:04 | Attr = ] HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 155648 bytes | Modified Date = 26.2.2007 18:34:28 | Attr = ] IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 131072 bytes | Modified Date = 26.2.2007 18:34:28 | Attr = ] ipmcmu -> -> File not found ISAM SMT Service -> %ProgramFiles%\C4ebreg\isamsmt.exe -> File not found ISAMTray -> %ProgramFiles%\C4ebreg\isamtray.exe -> IBM Global Services [Ver = 6.30 | Size = 237568 bytes | Modified Date = 17.5.2007 20:36:30 | Attr = ] ISSI EZUpdate Service -> %SystemDrive%\sdwork\issimsvc.exe -> IBM Global Services [Ver = 2.15 | Size = 204800 bytes | Modified Date = 12.6.2007 9:25:00 | Attr = ] MyHelpService -> %ProgramFiles%\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe -> [Ver = | Size = 
81920 bytes | Modified Date = 19.12.2006 13:44:04 | Attr = ] NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 9.3.2007 18:53:56 | Attr = ] PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 83, 75, 3 | Size = 227328 bytes | Modified Date = 23.3.2007 13:20:52 | Attr = ] Persistence -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 6.14.10.4785 | Size = 131072 bytes | Modified Date = 26.2.2007 18:33:56 | Attr = ] pmonmh -> %ProgramFiles%\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.24\pmonmh.exe -> [Ver = | Size = 188416 bytes | Modified Date = 2.5.2007 18:38:44 | Attr = ] PSQLLauncher -> %ProgramFiles%\Thinkvantage Fingerprint Software\launcher.exe -> File not found PWRMGRTR -> %ProgramFiles%\ThinkPad\Utilities\PWRMGRTR.DLL [rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor] -> Lenovo Group Limited [Ver = 1, 0, 0, 0 | Size = 151552 bytes | Modified Date = 26.5.2006 3:00:00 | Attr = ] SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> [File Corrupted - Detail Data unreadable] stgclean -> %SystemDrive%\sdwork\W32MAIN2.EXE -> IBM Global Services [Ver = 3.63 | Size = 262656 bytes | Modified Date = 12.6.2007 17:27:00 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14.3.2007 3:43:44 | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 512000 bytes | Modified Date = 14.2.2006 3:00:00 | Attr = ] SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. 
[Ver = 7.5.17.20 14Feb06 | Size = 110592 bytes | Modified Date = 14.2.2006 3:00:00 | Attr = ] TP4EX -> %System32%\TP4EX.exe -> Lenovo Group Limited [Ver = 1.11.00 | Size = 65536 bytes | Modified Date = 17.10.2005 4:11:00 | Attr = ] Tpam.exe -> %ProgramFiles%\IBM\Personal Communications\tpam.exe -> [Ver = | Size = 28672 bytes | Modified Date = 6.9.2005 12:07:18 | Attr = ] TPHOTKEY -> %ProgramFiles%\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 25.7.2006 3:00:00 | Attr = ] TPKMAPHELPER -> %ProgramFiles%\ThinkPad\Utilities\TpKmapAp.exe -> Lenovo [Ver = 1, 3, 0, 0 | Size = 856064 bytes | Modified Date = 3.6.2006 1:00:18 | Attr = ] TpShocks -> %System32%\TpShocks.exe -> Lenovo, Ltd. and IBM Corporation. [Ver = 1, 4, 1, 0 | Size = 106496 bytes | Modified Date = 15.3.2006 22:04:48 | Attr = ] vptray -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 27.9.2006 23:33:44 | Attr = ] < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL -> Installed = 1 -> MAPI -> Installed = 1 -> MSFS -> Installed = 1 -> < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 2,0,5,0 | Size = 153136 bytes | Modified Date = 12.3.2007 13:49:26 | Attr = ] Rainlendar2 -> %ProgramFiles%\Rainlendar2\Rainlendar2.exe -> [Ver = 2, 1, 0, 0 | Size = 1291264 bytes | Modified Date = 15.4.2007 9:31:34 | Attr = ] < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersStartup%\Bluetooth.lnk -> %ProgramFiles%\ThinkPad\Bluetooth Software\BTTray.exe -> Broadcom Corporation. 
[Ver = 5.0.1.3200 | Size = 622653 bytes | Modified Date = 1.8.2006 22:25:16 | Attr = ] < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> ACNotify -> ACNotify.dll -> File not found atmgrtok -> atmgrtok.dll -> File not found igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4785 | Size = 204800 bytes | Modified Date = 26.2.2007 18:33:26 | Attr = ] NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 43760 bytes | Modified Date = 27.9.2006 23:33:54 | Attr = ] pcsinst -> %System32%\pcsinst.dll -> IBM Corporation [Ver = 5070.10.5249.773 | Size = 49152 bytes | Modified Date = 6.9.2005 21:43:34 | Attr = ] tpfnf2 -> %System32%\notifyf2.dll -> [Ver = | Size = 28672 bytes | Modified Date = 6.7.2005 3:00:00 | Attr = ] tphotkey -> %System32%\tphklock.dll -> [Ver = | Size = 24576 bytes | Modified Date = 1.12.2005 3:00:00 | Attr = ] < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMFUprogramsList -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDevMgrUpdate -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMFUprogramsList -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost -> -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> http://w3.ibm.com -> HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKLM: Local Page -> %SystemRoot%\system32\blank.htm -> HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKLM: Start Page -> about:blank -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: Local Page -> C:\WINDOWS\system32\blank.htm -> HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKCU: Start Page -> http://www.elisa.net/ -> HKCU: ProxyEnable -> 0 -> HKCU: ProxyOverride -> <local> -> < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> msn.com [ - ] -> -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 23:08:42 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. 
[Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14.3.2007 3:43:40 | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 14.3.2007 3:43:42 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14.3.2007 3:43:40 | Attr = ] {CCA281CA-C863-46ef-9331-5C8D4460577F} -> %ProgramFiles%\ThinkPad\Bluetooth Software\btsendto_ie.htm [ButtonText: @btrez.dll,-4015] -> [Ver = | Size = 2681 bytes | Modified Date = 29.5.2003 16:53:08 | Attr = ] < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> -> File not found Send to &Bluetooth Device... 
-> %ProgramFiles%\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 29.5.2003 16:53:12 | Attr = ] < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {0BE16F93-6849-4289-8BC6-75EF3404150B} -> (Intel(R) PRO/1000 PL Network Connection) -> {5E3B0ED3-AC9F-4FB3-AD5D-3965B341D529} -> () -> {896864DC-3FCD-432C-BD7B-F4770AECDDBE} -> (11a/b/g Wireless LAN Mini PCI Express Adapter) -> {9A0523C0-6DA3-4649-8D25-CB57C18994FD} -> () -> {DE473790-177F-4BC3-82C7-54942076CE5F} -> () -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1182804074296 -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182804053421 -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -> Microsoft XML Parser for Java -> - CodeBase = -> 
[Files/Folders - Created Within 30 days] HJT -> %SystemDrive%\HJT -> [Folder | Created Date = 25.6.2007 19:59:46 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 25.6.2007 21:06:22 | Attr = ] $NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 25.6.2007 22:28:50 | Attr = H ] $NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 25.6.2007 22:29:08 | Attr = H ] $NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 25.6.2007 22:28:03 | Attr = H ] $NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Created Date = 25.6.2007 22:28:58 | Attr = H ] $NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 25.6.2007 22:30:44 | Attr = H ] $NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 25.6.2007 22:29:15 | Attr = H ] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87552 bytes | Created Date = 25.6.2007 21:03:50 | Attr = ] nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 25.6.2007 21:03:50 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 30.5.2007 11:41:06 | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Created Date = 25.6.2007 21:07:18 | Attr = ] DRVNPANT.DLL -> %System32%\DRVNPANT.DLL -> Lexmark International, Inc. [Ver = 7.3 | Size = 41472 bytes | Created Date = 11.6.2007 7:43:33 | Attr = ] igfxres.dll -> %System32%\igfxres.dll -> Intel Corporation [Ver = 6.14.10.4785 | Size = 176128 bytes | Created Date = 25.6.2007 22:38:31 | Attr = ] igxpun.exe -> %System32%\igxpun.exe -> Intel(R) Corporation [Ver = 1, 0, 38, 0 | Size = 393216 bytes | Created Date = 25.6.2007 22:31:10 | Attr = ] IIAAG1BJ.DLL -> %System32%\IIAAG1BJ.DLL -> Lexmark International, Inc. 
[Ver = 8.2 | Size = 41984 bytes | Created Date = 11.6.2007 7:42:09 | Attr = ] IIAAG1TH.HLP -> %System32%\IIAAG1TH.HLP -> [Ver = | Size = 65888 bytes | Created Date = 11.6.2007 7:42:10 | Attr = ] IScrNB.bmp -> %System32%\IScrNB.bmp -> [Ver = | Size = 121232 bytes | Created Date = 25.6.2007 22:31:10 | Attr = ] IScrNBR.bmp -> %System32%\IScrNBR.bmp -> [Ver = | Size = 121232 bytes | Created Date = 25.6.2007 22:31:10 | Attr = ] Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 26.6.2007 14:01:52 | Attr = ] LEXCFI.DLL -> %System32%\LEXCFI.DLL -> Lexmark International, Inc. [Ver = 7.3 | Size = 94208 bytes | Created Date = 11.6.2007 7:42:09 | Attr = ] LEXDRVX.DLL -> %System32%\LEXDRVX.DLL -> Lexmark International, Inc. [Ver = 7.3 | Size = 106496 bytes | Created Date = 11.6.2007 7:42:09 | Attr = ] LexLog.dll -> %System32%\LexLog.dll -> Lexmark International, Inc. [Ver = 8.2 | Size = 167936 bytes | Created Date = 11.6.2007 7:42:27 | Attr = ] LEXMV95.HLP -> %System32%\LEXMV95.HLP -> [Ver = | Size = 66183 bytes | Created Date = 11.6.2007 7:43:33 | Attr = ] LEXPSHOW.HLP -> %System32%\LEXPSHOW.HLP -> [Ver = | Size = 166736 bytes | Created Date = 11.6.2007 7:43:33 | Attr = ] mp3.ax -> %System32%\mp3.ax -> [Ver = | Size = 196608 bytes | Created Date = 7.6.2007 15:28:57 | Attr = ] Real.ax -> %System32%\Real.ax -> Gabest [Ver = 1, 0, 0, 9 | Size = 128512 bytes | Created Date = 7.6.2007 15:28:58 | Attr = ] real2mp3.dll -> %System32%\real2mp3.dll -> TODO: <????> [Ver = 1.0.0.1 | Size = 114688 bytes | Created Date = 7.6.2007 15:28:58 | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 25.6.2007 21:03:50 | Attr = ] swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 25.6.2007 21:03:50 | Attr = ] swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 25.6.2007 21:03:50 | Attr = ] vfind.exe -> 
%System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 25.6.2007 21:03:50 | Attr = ] x64 -> %System32%\x64 -> [Folder | Created Date = 25.6.2007 22:31:10 | Attr = ] nchssvad.sys -> %System32%\drivers\nchssvad.sys -> NCH Swift Sound [Ver = 1.0.0.0 | Size = 21120 bytes | Created Date = 7.6.2007 15:45:10 | Attr = ] [Files/Folders - Modified Within 30 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 319 bytes | Modified Date = 30.5.2007 12:43:52 | Attr = RHS] HJT -> %SystemDrive%\HJT -> [Folder | Modified Date = 26.6.2007 16:24:34 | Attr = ] icons -> %SystemDrive%\icons -> [Folder | Modified Date = 11.6.2007 8:39:54 | Attr = ] lotus -> %SystemDrive%\lotus -> [Folder | Modified Date = 11.6.2007 8:39:54 | Attr = ] notes -> %SystemDrive%\notes -> [Folder | Modified Date = 26.6.2007 16:27:18 | Attr = ] OIS_DB -> %SystemDrive%\OIS_DB -> [Folder | Modified Date = 12.6.2007 11:24:52 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 25.6.2007 23:28:50 | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 25.6.2007 22:06:24 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 25.6.2007 21:19:50 | Attr = HS] sdwork -> %SystemDrive%\sdwork -> [Folder | Modified Date = 26.6.2007 20:40:32 | Attr = ] temp -> %SystemDrive%\temp -> [Folder | Modified Date = 8.6.2007 10:12:18 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 26.6.2007 17:13:26 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 25.6.2007 23:28:52 | Attr = H ] $NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 25.6.2007 23:28:52 | Attr = H ] $NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 25.6.2007 23:29:10 | Attr = H ] $NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 25.6.2007 23:28:06 | Attr = H ] $NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Modified 
Date = 25.6.2007 23:29:00 | Attr = H ] $NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 25.6.2007 23:30:46 | Attr = H ] $NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 25.6.2007 23:29:16 | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 26.6.2007 20:40:26 | Attr = S] BRWMARK.INI -> %SystemRoot%\BRWMARK.INI -> [Ver = | Size = 450 bytes | Modified Date = 11.6.2007 19:34:40 | Attr = ] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87552 bytes | Modified Date = 5.6.2007 5:24:04 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 25.6.2007 23:29:24 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 26.6.2007 15:01:54 | Attr = S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 25.6.2007 23:15:24 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 25.6.2007 23:29:20 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 26.6.2007 15:01:54 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 25.6.2007 23:39:28 | Attr = HS] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 19.6.2007 23:24:18 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 26.6.2007 20:43:46 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 30.5.2007 12:41:08 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 25.6.2007 23:43:44 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 25.6.2007 23:15:36 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 274 bytes | Modified Date = 25.6.2007 16:35:36 | Attr = ] system32 -> %System32% -> [Folder | Modified Date = 26.6.2007 15:01:54 | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Modified Date = 
26.6.2007 20:41:12 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 603 bytes | Modified Date = 30.5.2007 12:43:52 | Attr = ] At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 510 bytes | Modified Date = 25.6.2007 21:51:02 | Attr = ] PMTask.job -> %SystemRoot%\tasks\PMTask.job -> [Ver = | Size = 316 bytes | Modified Date = 26.6.2007 20:41:20 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 26.6.2007 20:40:30 | Attr = H ] CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 25.6.2007 23:28:32 | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 26.6.2007 20:41:00 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 25.6.2007 23:43:48 | Attr = RHS] drivers -> %System32%\drivers -> [Folder | Modified Date = 25.6.2007 23:44:06 | Attr = ] DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 25.6.2007 23:31:02 | Attr = ] iAlmCoIn_v4450.dll -> %System32%\iAlmCoIn_v4450.dll -> Intel Corporation [Ver = 1.00.1000.1 | Size = 61440 bytes | Modified Date = 15.5.2014 6:06:30 | Attr = ] ialmdd5.dll -> %System32%\ialmdd5.dll -> Intel Corporation [Ver = 6.14.10.4450 | Size = 899706 bytes | Modified Date = 15.5.2014 6:06:30 | Attr = ] ialmdev5.dll -> %System32%\ialmdev5.dll -> Intel Corporation [Ver = 6.14.10.4450 | Size = 214746 bytes | Modified Date = 15.5.2014 6:06:30 | Attr = ] ialmdnt5.dll -> %System32%\ialmdnt5.dll -> Intel Corporation [Ver = 6.14.10.4450 | Size = 119419 bytes | Modified Date = 15.5.2014 6:06:30 | Attr = ] ialmrem.dll -> %System32%\ialmrem.dll -> Intel Corporation [Ver = 6.14.10.4450 | Size = 49152 bytes | Modified Date = 15.5.2014 6:06:30 | Attr = ] ialmrnt5.dll -> %System32%\ialmrnt5.dll -> Intel Corporation [Ver = 6.14.10.4450 | Size = 36990 bytes | Modified Date = 15.5.2014 6:06:30 | Attr = ] igxpxa32.cpa -> %System32%\igxpxa32.cpa -> [Ver = | Size = 524850 bytes | Modified Date = 15.5.2014 6:06:30 | Attr = ] igxpxa32.vp -> 
%System32%\igxpxa32.vp -> [Ver = | Size = 929 bytes | Modified Date = 15.5.2014 6:06:30 | Attr = ] Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 26.6.2007 15:01:54 | Attr = ] NicCo.dll -> %System32%\NicCo.dll -> Intel Corporation [Ver = 1.1.4.0 built by: WinDDK | Size = 21504 bytes | Modified Date = 15.9.2008 3:41:26 | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 68226 bytes | Modified Date = 25.6.2007 23:44:56 | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 430408 bytes | Modified Date = 25.6.2007 23:44:56 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 507158 bytes | Modified Date = 25.6.2007 23:44:56 | Attr = ] PostProc.dll -> %System32%\PostProc.dll -> Analog Devices, Inc. [Ver = 6.00.01.1000 built by: WinDDK | Size = 23552 bytes | Modified Date = 12.4.2015 7:06:14 | Attr = ] profile.dat -> %System32%\profile.dat -> [Ver = | Size = 40 bytes | Modified Date = 26.6.2007 20:39:28 | Attr = ] TPMDDL.dll -> %System32%\TPMDDL.dll -> Atmel, Inc. [Ver = 3.0.0.15 (x86) | Size = 98304 bytes | Modified Date = 17.2.2020 22:53:26 | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 26.6.2007 20:40:48 | Attr = ] x64 -> %System32%\x64 -> [Folder | Modified Date = 25.6.2007 23:31:12 | Attr = ] ADIHdAud.sys -> %System32%\drivers\ADIHdAud.sys -> Analog Devices, Inc. [Ver = 5.10.01.4310 built by: WinDDK | Size = 176128 bytes | Modified Date = 24.11.2007 17:03:34 | Attr = ] atmeltpm.sys -> %System32%\drivers\atmeltpm.sys -> Atmel, Inc. 
[Ver = 3.0.0.15 built by: WinDDK | Size = 15872 bytes | Modified Date = 17.2.2020 22:53:26 | Attr = ] ialmnt5.sys -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4450 | Size = 1354620 bytes | Modified Date = 15.5.2014 6:06:30 | Attr = ] nchssvad.sys -> %System32%\drivers\nchssvad.sys -> NCH Swift Sound [Ver = 1.0.0.0 | Size = 21120 bytes | Modified Date = 7.6.2007 16:45:12 | Attr = ] hosts.ics -> %System32%\drivers\etc\hosts.ics -> [Ver = | Size = 375 bytes | Modified Date = 7.6.2007 15:47:54 | Attr = ] [File String Scan - Non-Microsoft Only] buddy.exe , -> %SystemDrive%\28March-ISSI.xml -> [Ver = | Size = 153854 bytes | Modified Date = 13.9.2006 23:30:00 | Attr = ] aspack , -> %SystemRoot%\IBM_values_installer.scr -> ScreenTime Media [Ver = 2.3.3 | Size = 194560 bytes | Modified Date = 17.7.2006 23:31:10 | Attr = ] Thawte Consulting , -> %System32%\AS_Storage.dll -> Sonic Solutions [Ver = 3.0.84.500 | Size = 2336424 bytes | Modified Date = 29.3.2007 16:12:44 | Attr = ] Thawte Consulting , -> %System32%\cpwmon2k.dll -> [Ver = | Size = 87800 bytes | Modified Date = 10.12.2006 20:31:12 | Attr = ] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 4.8.2004 8:00:00 | Attr = ] PTech , -> %System32%\IbmEgath.dll -> IBM Corporation [Ver = 3, 0, 0, 18 | Size = 184320 bytes | Modified Date = 27.4.2005 12:16:46 | Attr = ] Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 29.3.2007 16:12:44 | Attr = ] Thawte Consulting , -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 114856 bytes | Modified Date = 29.3.2007 16:12:44 | Attr = ] Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 29.3.2007 16:12:48 | Attr = ] Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 29.3.2007 16:12:48 | Attr = ] UPX! 
, UPX0 , -> %System32%\Real.ax -> Gabest [Ver = 1, 0, 0, 9 | Size = 128512 bytes | Modified Date = 25.1.2004 17:48:56 | Attr = ] Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2533 | Size = 181736 bytes | Modified Date = 3.5.2007 15:23:54 | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 4.8.2004 8:00:00 | Attr = ] Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 4.5.77.0 | Size = 397856 bytes | Modified Date = 15.3.2002 10:55:34 | Attr = ] WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 4.8.2004 8:00:00 | Attr = ] < End of report >
If you have the energy, you could still check with this:

Download Dr.Web CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

- Double-click drweb-cureit.exe and let it run the express scan.
- It scans the running programs, and if something is found, click Yes when it asks whether you want to remove it. This is only a short scan.
- When the scan is finished, mark the drives you want to scan.
- Select all drives. A red dot shows which drives are selected.
- Click the green arrow on the right and the scan starts.
- Click 'Yes to all' if you are asked whether you want to delete/move a file.
- When the scan is finished, see whether you can click the next icon beside the files that were found:
- If so, click it, then click the next icon at the bottom right and select Move incurable, as in the picture below: This moves it to the %userprofile%\DoctorWeb\quarantine directory.
- After this, click File in the Dr.Web CureIt menu and select save report list
- Save the report to the desktop. The report's name is DrWeb.csv
- Close Dr.Web CureIt.
- Restart the computer!! This is because files that are in use are deleted/moved during startup.
- After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.

=======

If you don't:

Stay clean

-> Clear System Restore -> Instructions
Clear the System Restore folder and create a new restore point. This cleans possible malware remnants out of the restore folder.

-> Use CCleaner -> CCleaner
Download and install CCleaner. Clean temporary files and folders with the program regularly.

-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing on your computer. Uses no memory! A guide is available in Finnish! Guide by the user Ad-Aware

-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your computer from connecting to malicious sites. A guide is available in Finnish! Guide by the user Axel

-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.

-> Keep your system up to date. -> Windows Update
Visit Windows Update regularly.

-> Keep your firewall and antivirus up to date
Update your antivirus program and scan your computer with it regularly. eScan is good too: http://koti.mbnet.fi/pattaya1/escanmwav.htm

-> Keep your software up to date. -> Secunia Software Inspector
Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.

-> Regularly follow the information on new vulnerabilities from Viestintävirasto (the Finnish Communications Regulatory Authority) -> CERT-FI

-> Register. -> Virustorjunta.net
Virustorjunta.net is a Finnish site focused on malware removal that can help you with all kinds of problems. It also has Finland's only HJT school. The school goes in depth into analysing the information that HijackThis produces and into cleaning the computer after the analysis. If you run into problems with malware in the future, don't hesitate to post a HijackThis log to be checked!