Computer slow and laggy <- new computer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:28, on 23.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system\CMGxMon.exe
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE
C:\Windows\System32\wpcumi.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Windows\System32\ojz1130.tmp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Uniblue\RegistryBooster 2009\registrybooster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Yamicsoft\Vista Manager\VistaManager.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Cmaudio8768GX] C:\Windows\system\CmGXMon.exe Envoke
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [ojz1130.tmp.exe] C:\Windows\system32\ojz1130.tmp.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [UnibluePowerSuite] C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6446A87-6AF1-4B6A-946A-ABC56B11F795}: NameServer = 66.90.65.89,4.2.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

--
End of file - 9352 bytes

***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.8.1.2592.
For information, email support@simplysup.com
[Unregistered version]
Scan started at: 23:59:42 20 marras 2009
Using Database v7425
Operating System: Windows 7 Home Premium [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Windows\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Windows\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2592.
For information, email support@simplysup.com
[Unregistered version]
Scan started at: 23:59:06 20 marras 2009
Using Database v7425
Operating System: Windows 7 Home Premium [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Windows\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Windows\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
23:59:06: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
23:59:07: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2613248 bytes
Created: 9.11.2009 19:19
Modified: 3.8.2009 7:35
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
26112 bytes
Created: 14.7.2009 1:34
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: F-Secure Manager
Value Data: "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE
199264 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
--------------------
Value Name: F-Secure TNB
Value Data: "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe
2349664 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
--------------------
Value Name: CmPCIaudio
Value Data: RunDll32 CMICNFG3.cpl,CMICtrlWnd
CMICNFG3.cpl - [file not found to scan]
--------------------
Value Name: Kernel and Hardware Abstraction Layer
Value Data: KHALMNPR.EXE
C:\Windows\KHALMNPR.EXE
55824 bytes
Created: 12.11.2009 15:25
Modified: 17.6.2009 12:55
Company: Logitech, Inc.
--------------------
Value Name: BDRegion
Value Data: C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
75048 bytes
Created: 15.11.2009 13:26
Modified: 1.9.2009 17:00
Company: cyberlink
--------------------
Value Name: StartCCC
Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
98304 bytes
Created: 4.11.2009 9:52
Modified: 4.11.2009 9:52
Company: Advanced Micro Devices, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 20.11.2009 18:01
Modified: 20.11.2009 18:02
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: SpeedBitVideoAccelerator
Value Data: C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
1435240 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
--------------------
Value Name: DriverMax
Value Data: "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
7924056 bytes
Created: 9.11.2009 20:18
Modified: 30.9.2009 15:48
Company: Innovative Solutions
--------------------
Value Name: DriverMax_RESTART
Value Data: "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
7924056 bytes
Created: 9.11.2009 20:18
Modified: 30.9.2009 15:48
Company: Innovative Solutions
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
C:\Program Files\DAEMON Tools Lite\DTLite.exe
369200 bytes
Created: 30.10.2009 13:57
Modified: 30.10.2009 13:57
Company: DT Soft Ltd
--------------------
Value Name: Sidebar
Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe
1173504 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
Value Name: EA Core
Value Data: "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
C:\Program Files\Electronic Arts\EADM\Core.exe - [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
23:59:09: Scanning -----SHELLEXECUTEHOOKS-----
************************************************************
23:59:09: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
23:59:09: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
23:59:09: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
23:59:09: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: UxTuneUp
Path: %SystemRoot%\System32\uxtuneup.dll
C:\Windows\System32\uxtuneup.dll
30024 bytes
Created: 1.11.2009 0:14
Modified: 13.11.2009 10:45
Company: TuneUp Software
--------------------
************************************************************
23:59:09: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AMD External Events Utility
ImagePath: %SystemRoot%\system32\atiesrxx.exe
C:\Windows\system32\atiesrxx.exe
172032 bytes
Created: 4.11.2009 17:45
Modified: 4.11.2009 17:45
Company: AMD
----------
Key: AmdLLD
ImagePath: system32\DRIVERS\AmdLLD.sys
C:\Windows\system32\DRIVERS\AmdLLD.sys
42552 bytes
Created: 19.11.2009 18:08
Modified: 22.4.2009 14:32
Company: Advanced Micro Devices
----------
Key: AmdPPM
ImagePath: system32\DRIVERS\amdppm.sys
C:\Windows\system32\DRIVERS\amdppm.sys
52736 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 1:11
Company: Microsoft Corporation
----------
Key: amdsata
ImagePath: \SystemRoot\system32\DRIVERS\amdsata.sys
C:\Windows\system32\DRIVERS\amdsata.sys
79952 bytes
Created: 10.6.2009 23:19
Modified: 14.7.2009 3:26
Company: Advanced Micro Devices
----------
Key: amdxata
ImagePath: system32\DRIVERS\amdxata.sys
C:\Windows\system32\DRIVERS\amdxata.sys
23616 bytes
Created: 14.7.2009 0:09
Modified: 14.7.2009 3:26
Company: Advanced Micro Devices
----------
Key: archlp
ImagePath: system32\drivers\archlp.sys
C:\Windows\system32\drivers\archlp.sys - [file not found to scan]
----------
Key: AtiHdmiService
ImagePath: system32\drivers\AtiHdmi.sys
C:\Windows\system32\drivers\AtiHdmi.sys
104976 bytes
Created: 18.11.2009 14:12
Modified: 30.9.2009 16:33
Company: ATI Technologies, Inc.
----------
Key: cmuda3
ImagePath: system32\drivers\cmudax3.sys
C:\Windows\system32\drivers\cmudax3.sys
1872320 bytes
Created: 13.11.2009 16:48
Modified: 15.6.2009 15:08
Company: C-Media Inc
----------
Key: F-Secure Filter
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
39776 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: F-Secure Gatekeeper
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys
101496 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:38
Company: F-Secure Corporation
----------
Key: F-Secure Gatekeeper Handler Starter
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe"
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
215648 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: F-Secure HIPS
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys
C:\Program Files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys
68064 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
----------
Key: F-Secure Recognizer
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
25184 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
655624 bytes
Created: 18.10.2007 16:07
Modified: 18.10.2007 16:07
Company: Acresso Software Inc.
----------
Key: fsbts
ImagePath: system32\Drivers\fsbts.sys
C:\Windows\system32\Drivers\fsbts.sys
33920 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:39
Company: F-Secure Corporation
----------
Key: FSDFWD
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe"
C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
522848 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:59
Company: F-Secure Corporation
----------
Key: FSES
ImagePath: System32\drivers\fses.sys
C:\Windows\System32\drivers\fses.sys
35680 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
----------
Key: FSFW
ImagePath: System32\drivers\fsdfw.sys
C:\Windows\System32\drivers\fsdfw.sys
71040 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
----------
Key: FSMA
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE"
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
186976 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
----------
Key: FSORSPClient
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe"
C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
55928 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:37
Company: F-Secure Corporation
----------
Key: fssfltr
ImagePath: system32\DRIVERS\fssfltr.sys
C:\Windows\system32\DRIVERS\fssfltr.sys
54632 bytes
Created: 3.10.2009 16:01
Modified: 5.8.2009 21:48
Company: Microsoft Corporation
----------
Key: fsssvc
ImagePath: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
704864 bytes
Created: 5.8.2009 21:48
Modified: 5.8.2009 21:48
Company: Microsoft Corporation
----------
Key: fsvista
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys
12384 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\Windows\system32\DRIVERS\irsir.sys
20992 bytes
Created: 19.1.2008 5:55
Modified: 19.1.2008 5:55
Company: Microsoft Corporation
----------
Key: LGDDCDevice
ImagePath: \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys
C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys
14336 bytes
Created: 3.10.2009 16:08
Modified: 12.12.2008 14:27
Company: [no info]
----------
Key: LGII2CDevice
ImagePath: \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys
C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys
18432 bytes
Created: 3.10.2009 16:08
Modified: 12.12.2008 14:27
Company: [no info]
----------
Key: Nero BackItUp Scheduler 4.0
ImagePath: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
935208 bytes
Created: 23.9.2009 13:38
Modified: 23.9.2009 13:38
Company: Nero AG
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\nvm62x32.sys
C:\Windows\system32\DRIVERS\nvm62x32.sys
347264 bytes
Created: 10.6.2009 23:18
Modified: 14.7.2009 0:02
Company: NVIDIA Corporation
----------
Key: NVNET
ImagePath: system32\DRIVERS\nvmf6232.sys
C:\Windows\system32\DRIVERS\nvmf6232.sys
287392 bytes
Created: 13.11.2009 16:47
Modified: 30.7.2009 17:12
Company: NVIDIA Corporation
----------
Key: nvsmu
ImagePath: system32\DRIVERS\nvsmu.sys
C:\Windows\system32\DRIVERS\nvsmu.sys
17920 bytes
Created: 10.11.2009 21:55
Modified: 29.6.2009 0:36
Company: NVIDIA Corporation
----------
Key: PDAgent
ImagePath: "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe"
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
939272 bytes
Created: 7.10.2009 10:04
Modified: 7.10.2009 10:04
Company: Raxco Software, Inc.
----------
Key: PDEngine
ImagePath: "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe"
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
1033480 bytes
Created: 7.10.2009 10:05
Modified: 7.10.2009 10:05
Company: Raxco Software, Inc.
----------
Key: PnkBstrA
ImagePath: C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrA.exe
66872 bytes
Created: 3.10.2009 14:32
Modified: 3.10.2009 14:32
Company: [no info]
----------
Key: PnkBstrB
ImagePath: C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\PnkBstrB.exe
107832 bytes
Created: 3.10.2009 14:32
Modified: 20.10.2009 16:22
Company: [no info]
----------
Key: rdpbus
ImagePath: \SystemRoot\system32\DRIVERS\rdpbus.sys
C:\Windows\system32\DRIVERS\rdpbus.sys
18944 bytes
Created: 14.7.2009 2:02
Modified: 14.7.2009 2:02
Company: Microsoft Corporation
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
240512 bytes
Created: 19.5.2009 10:36
Modified: 19.5.2009 10:36
Company: Microsoft Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: TuneUp.Defrag
ImagePath: C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
435016 bytes
Created: 1.11.2009 0:14
Modified: 13.11.2009 21:12
Company: TuneUp Software
----------
Key: TuneUp.UtilitiesSvc
ImagePath: "C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe"
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
1021256 bytes
Created: 13.11.2009 10:49
Modified: 13.11.2009 10:49
Company: TuneUp Software
----------
Key: TuneUpUtilitiesDrv
ImagePath: \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
10064 bytes
Created: 14.10.2009 7:24
Modified: 14.10.2009 7:24
Company: TuneUp Software
----------
Key: VideoAcceleratorService
ImagePath: C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
300656 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
----------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUsb.sys
C:\Windows\system32\DRIVERS\WinUsb.sys
34944 bytes
Created: 14.7.2009 1:51
Modified: 14.7.2009 1:51
Company: Microsoft Corporation
----------
Key: wlidsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1533808 bytes
Created: 30.3.2009 15:28
Modified: 30.3.2009 15:28
Company: Microsoft Corporation
----------
Key: {B154377D-700F-42cc-9474-23858FBDF4BD}
ImagePath: \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl
C:\Program Files\CyberLink\PowerDVD9\000.fcl
87536 bytes
Created: 1.9.2009 16:59
Modified: 1.9.2009 16:59
Company: CyberLink Corp.
----------
************************************************************
23:59:14: Scanning -----VXD ENTRIES-----
************************************************************
23:59:14: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]
************************************************************
23:59:14: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
2250024 bytes
Created: 24.9.2009 17:07
Modified: 24.9.2009 17:07
Company: Nero AG
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\Trojan Remover\Trshlex.dll
C:\PROGRA~1\Trojan Remover\Trshlex.dll
479744 bytes
Created: 20.11.2009 18:01
Modified: 3.5.2009 17:16
Company: Simply Super Software
----------
Key: TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path: C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
30536 bytes
Created: 13.11.2009 10:46
Modified: 13.11.2009 10:46
Company: TuneUp Software
----------
Key: {23814B80-52A2-11d0-BC1A-004095606CB9}
Path: C:\Program Files\Sonera\Sonera Tietoturva\Common\fpshx.dll
C:\Program Files\Sonera\Sonera Tietoturva\Common\fpshx.dll
64168 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
************************************************************
23:59:15: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
371712 bytes
Created: 16.4.2009 13:17
Modified: 16.4.2009 13:17
Company: Sun Microsystems, Inc.
----------
Key: {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B}
File: C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
2135336 bytes
Created: 17.9.2009 13:35
Modified: 17.9.2009 13:35
Company: Nero AG
----------
************************************************************
23:59:15: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}
BHO: C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
2655736 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company:
----------
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
137600 bytes
Created: 19.5.2009 10:36
Modified: 19.5.2009 10:36
Company: Microsoft Corporation
----------
Key: {C6867EB7-8350-4856-877F-93CF8AE3DC9C}
BHO: C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
531040 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:59
Company: F-Secure Corporation
----------
Key: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
BHO: C:\Program Files\Windows Live\Toolbar\wltcore.dll
C:\Program Files\Windows Live\Toolbar\wltcore.dll
1068904 bytes
Created: 6.2.2009 17:17
Modified: 6.2.2009 17:17
Company: Microsoft Corporation
----------
Key: {FF7C3CF0-4B15-11D1-ABED-709549C10000}
BHO: C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
185944 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
----------
************************************************************
23:59:15: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
23:59:15: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan
************************************************************
23:59:15: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
23:59:15: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
23:59:16: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
23:59:16: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14.7.2009 6:41
Modified: 15.11.2009 11:26
Company: [no info]
--------------------
************************************************************
23:59:16: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Windows
[C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 2.10.2009 15:57
Modified: 9.11.2009 18:56
Company: [no info]
----------
LimeWire On Startup.lnk - links to C:\PROGRA~1\LimeWire\LimeWire.exe
C:\PROGRA~1\LimeWire\LimeWire.exe
503808 bytes
Created: 30.9.2009 18:06
Modified: 30.9.2009 18:06
Company: Lime Wire, LLC
----------
--------------------
************************************************************
23:59:16: Scanning ----- SCHEDULED TASKS -----
Taskname: {287E119D-0ED2-4C54-8EAE-BA6F9F44F1BB}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\InstallHelper.exe" -c "C:\Program Files\Electronic Arts\The Sims 3\Mods\Packages\[ana@66S] Dinner Party.package"
----------
Taskname: {32FF45E6-7363-42FC-8F4C-881B29EE1347}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\Downloads\SDFix.exe -d C:\Windows\system32
----------
Taskname: {541E934A-7B30-4574-8A04-F70D04FEC31E}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Windows\System\CMICNFG3.cpl
----------
Taskname: {5A1165A9-9E01-4A18-9EC9-F4DCB5277A28}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x000b -removeonly
----------
Taskname: {5A56B5AB-E303-4B18-91FE-F50859537870}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\AppData\Local\Temp\FooPlugin0.9Setup_2.1.exe -d "C:\Program Files\Last.fm" -c /SILENT /DIR="C:\Program Files\Spotify\components\"
----------
Taskname: {76B4052F-5980-44FF-AD04-92B33B076E2D}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\AppData\Local\Temp\Rar$EX00.207\TS3InstallHelper.exe -d C:\Users\Windows\AppData\Local\Temp\Rar$EX00.207 -c /UAC:206D4 /NCRC
----------
Taskname: {AD92A0D9-2C37-4A2B-AE95-3C11C7691D38}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCCHRDWB\Firefox%20Setup%203.5.5[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: {CFC14368-E5C0-48C2-B0C1-56B9AB320110}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXQ0I92F\9-9_vista32-64_hydravision[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: {E06AAB02-A5F7-4881-8E4F-42BEA8EA7F35}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\Downloads\The Sims 3 v1.3.2 Crack +Patch [Hirya]\The Sims 3 v1.27 to v1.3.2.exe" -d "C:\Users\Windows\Downloads\The Sims 3 v1.3.2 Crack +Patch [Hirya]"
----------
Taskname: {EDBCD0B4-46A9-4906-8380-E022F78249FB}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Windows\uninstall\Satellite TV for PC Elite\setup.exe"
----------
Taskname: {F1888B49-A348-447B-9AFF-3C374B53F55B}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTJVF0OU\9-9_vista32_win7_32_dd[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: Automatic troubleshooting
File: C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
316232 bytes
Created: 13.11.2009 10:54
Modified: 13.11.2009 10:54
Company: TuneUp Software
Schedule: Multiple schedule times
Next Run Time: 21.11.2009 20:00:00
Status: Queued
Status:
Comments: Starts automatic troubleshooting at specific times
----------
Taskname: FileHippo.com Update Checker
File: C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
155648 bytes
Created: 28.9.2009 11:49
Modified: 28.9.2009 11:49
Company: FileHippo.com
Parameters: /background
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:81C859F3
----------
Taskname: InstallShield Software update service
File: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Parameters: -startup
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:04D036CE
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe - [file not found to scan]
----------
Taskname: InstallShield Software-Aktualisierungsdienst
File: C:\PROGRA~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe
196608 bytes
Created: 3.10.2009 16:08
Modified: 17.4.2004 11:41
Company: InstallShield Software Corporation
Parameters: -startup
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009
10:00:00 Status: Ready Status: TuneUp Comments: tuident:7CBD3F7F ---------- Taskname: Java Update Scheduler File: C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Java\jre6\bin\jusched.exe 149280 bytes Created: 3.10.2009 15:10 Modified: 5.11.2009 16:37 Company: Sun Microsystems, Inc. Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008 Next Run Time: 23.11.2009 10:00:00 Status: Ready Status: TuneUp Comments: tuident:819099AB ---------- Taskname: TuneUpUtilities_Task_BkGndMaintenance File: C:\Program Files\TuneUp Utilities 2010\OneClick.exe C:\Program Files\TuneUp Utilities 2010\OneClick.exe 649544 bytes Created: 13.11.2009 10:55 Modified: 13.11.2009 10:55 Company: TuneUp Software Parameters: $(Arg0) Schedule: Task not scheduled Next Run Time: Status: Ready Status: Comments: ---------- Taskname: User_Feed_Synchronization-{BCAE4A76-79EC-4515-8B11-3CC294757FFB} File: C:\Windows\system32\msfeedssync.exe C:\Windows\system32\msfeedssync.exe 12800 bytes Created: 14.7.2009 1:42 Modified: 14.7.2009 3:14 Company: Microsoft Corporation Parameters: sync Schedule: At 22:12:29 every day Next Run Time: 21.11.2009 0:12:29 Status: Ready Status: Windows-PC\Windows Comments: Päivittää vanhentuneet järjestelmäsyötteet. 
---------- ************************************************************ 23:59:17: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.dll C:\Windows\system32\ntshrui.dll 442880 bytes Created: 14.7.2009 1:41 Modified: 14.7.2009 3:16 Company: Microsoft Corporation ---------- ************************************************************ 23:59:17: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: msacm.divxa32 File: msaud32_divx.acm C:\Windows\system32\msaud32_divx.acm 186368 bytes Created: 3.2.2003 8:01 Modified: 3.2.2003 8:01 Company: Microsoft Corporation ---------- Value: msacm.l3codecp File: l3codecp.acm C:\Windows\system32\l3codecp.acm 220672 bytes Created: 14.7.2009 2:09 Modified: 14.7.2009 3:14 Company: Fraunhofer Institut Integrierte Schaltungen IIS ---------- Value: vidc.VP60 File: C:\Windows\system32\vp6vfw.dll C:\Windows\system32\vp6vfw.dll -R- 447752 bytes Created: 4.9.2008 20:17 Modified: 4.9.2008 20:17 Company: On2.com ---------- Value: vidc.VP61 File: C:\Windows\system32\vp6vfw.dll C:\Windows\system32\vp6vfw.dll - file already scanned ---------- ************************************************************ 23:59:17: ----- ADDITIONAL CHECKS ----- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp 5184054 bytes Created: 25.10.2009 16:58 Modified: 19.11.2009 23:44 Company: [no info] ---------- Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\img24.jpg C:\Windows\web\wallpaper\img24.jpg - [file not found to scan] ---------- DNS Server information: Interface: NVIDIA nForce Networking Controller NameServers: 
66.90.65.89,4.2.2.1 Checks for rogue DNS NameServers completed ---------- Additional checks completed ************************************************************ 23:59:18: Scanning ----- RUNNING PROCESSES ----- C:\Windows\System32\smss.exe 69632 bytes Created: 14.7.2009 1:11 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\csrss.exe 6144 bytes Created: 14.7.2009 1:11 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\wininit.exe 96256 bytes Created: 14.7.2009 1:36 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\csrss.exe - file already scanned -------------------- C:\Windows\system32\services.exe 259072 bytes Created: 14.7.2009 1:11 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\lsass.exe 22528 bytes Created: 14.7.2009 1:11 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\lsm.exe 261120 bytes Created: 14.7.2009 2:02 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\winlogon.exe 285696 bytes Created: 14.7.2009 1:37 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\svchost.exe 20992 bytes Created: 14.7.2009 1:19 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\system32\atiesrxx.exe - file already scanned -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\system32\atieclxx.exe 360448 bytes Created: 4.11.2009 17:45 Modified: 4.11.2009 17:45 
Company: AMD -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\System32\spoolsv.exe 316416 bytes Created: 14.7.2009 2:18 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 144672 bytes Created: 28.8.2009 18:42 Modified: 28.8.2009 18:42 Company: Apple Inc. -------------------- C:\Program Files\Bonjour\mDNSResponder.exe 238888 bytes Created: 12.12.2008 10:17 Modified: 12.12.2008 10:17 Company: Apple Inc. -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe - file already scanned -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\FSGK32.EXE 476800 bytes Created: 9.11.2009 20:27 Modified: 9.11.2009 20:36 Company: F-Secure Corporation -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE - file already scanned -------------------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe 73728 bytes Created: 20.8.2009 13:34 Modified: 20.8.2009 13:34 Company: Hewlett-Packard Company -------------------- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe - file already scanned -------------------- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe - file already scanned -------------------- C:\Windows\system32\PnkBstrA.exe - file already scanned -------------------- C:\Windows\system32\PnkBstrB.exe - file already scanned -------------------- C:\Windows\system32\Dwm.exe 92672 bytes Created: 14.7.2009 1:24 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\Explorer.EXE - file already scanned -------------------- C:\Windows\system32\taskhost.exe 49152 bytes Created: 14.7.2009 1:19 Modified: 14.7.2009 3:14 Company: Microsoft 
Corporation -------------------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe - file already scanned -------------------- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe - file already scanned -------------------- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - file already scanned -------------------- C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe 140920 bytes Created: 18.10.2009 18:42 Modified: 18.10.2009 18:42 Company: Speedbit Ltd. -------------------- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe 486216 bytes Created: 13.11.2009 10:51 Modified: 13.11.2009 10:51 Company: TuneUp Software -------------------- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe - file already scanned -------------------- C:\Windows\System32\rundll32.exe 44544 bytes Created: 14.7.2009 1:41 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Program Files\CyberLink\Shared files\brs.exe - file already scanned -------------------- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe - file already scanned -------------------- C:\Program Files\Innovative Solutions\DriverMax\devices.exe - file already scanned -------------------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 65536 bytes Created: 22.4.2009 17:38 Modified: 22.4.2009 17:38 Company: Advanced Micro Devices Inc. 
-------------------- C:\Program Files\Windows Sidebar\sidebar.exe - file already scanned -------------------- C:\Program Files\LimeWire\LimeWire.exe 503808 bytes Created: 30.9.2009 18:06 Modified: 30.9.2009 18:06 Company: Lime Wire, LLC -------------------- C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe 66824 bytes Created: 7.10.2009 10:05 Modified: 7.10.2009 10:05 Company: Raxco Software, Inc. -------------------- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 183152 bytes Created: 30.3.2009 15:28 Modified: 30.3.2009 15:28 Company: Microsoft Corporation -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fssm32.exe 599168 bytes Created: 9.11.2009 20:27 Modified: 9.11.2009 20:36 Company: F-Secure Corporation -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 65536 bytes Created: 22.4.2009 17:37 Modified: 22.4.2009 17:37 Company: ATI Technologies Inc. 
-------------------- C:\Windows\system32\WUDFHost.exe 195584 bytes Created: 14.7.2009 1:50 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Program Files\Windows Media Player\wmpnetwk.exe 1121280 bytes Created: 14.7.2009 2:09 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Program Files\AMD\AMD Power Monitor\AMD Power Monitor.exe 470016 bytes Created: 21.5.2009 5:54 Modified: 21.5.2009 5:54 Company: -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Program Files\Spotify\spotify.exe 2876144 bytes Created: 7.10.2009 20:02 Modified: 6.11.2009 16:12 Company: Spotify AB -------------------- C:\Program Files\DAEMON Tools Lite\DTLite.exe - file already scanned -------------------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3883856 bytes Created: 26.7.2009 15:44 Modified: 26.7.2009 15:44 Company: Microsoft Corporation -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Common\FSHDLL32.EXE 88672 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:58 Company: F-Secure Corporation -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE - file already scanned -------------------- C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe - file already scanned -------------------- C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe - file already scanned -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsav32.exe 347776 bytes Created: 9.11.2009 20:27 Modified: 9.11.2009 20:38 Company: F-Secure Corporation -------------------- C:\Program Files\Windows Live\Contacts\wlcomm.exe 27512 bytes Created: 6.2.2009 16:07 Modified: 6.2.2009 16:07 Company: Microsoft Corporation -------------------- C:\Program Files\Trojan Remover\Rmvtrjan.exe FileSize: 3101560 [This is a Trojan Remover component] 
--------------------
C:\Program Files\uTorrent\uTorrent.exe
289072 bytes
Created: 3.10.2009 17:23
Modified: 3.10.2009 17:23
Company: BitTorrent, Inc.
--------------------
C:\Windows\explorer.exe - file already scanned
--------------------
************************************************************
23:59:21: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.google.fi/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 23:59:21 20 marras 2009
Total Scan time: 00:00:14
************************************************************

***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.1.2592. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:04:59 20 marras 2009
Using Database v7425
Operating System: Windows 7 Home Premium [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Windows\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Windows\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on C:\ (including subdirectories)
Archive files will be EXCLUDED.
------------------------------
C:\Boot\BCD appears to be in-use/locked
C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\Uninstall.exe appears to contain: Trojan.FakeAlert
C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\Uninstall.exe - process is either not running or could not be terminated
C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\Uninstall.exe - file renamed to: C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\Uninstall.exe.vir
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin appears to be in-use/locked
C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin appears to be in-use/locked
C:\Users\Windows\AppData\Local\Spotify\Storage\index.dat appears to be in-use/locked
C:\Users\Windows\AppData\Roaming\Adobe\Bridge CS4\Cache\1024\2009111207B15967\IMG_5228.CR2.jpg appears to contain: Trojan.Spy.Banker
C:\Users\Windows\AppData\Roaming\Adobe\Bridge CS4\Cache\1024\2009111207B15967\IMG_5228.CR2.jpg - file renamed to: C:\Users\Windows\AppData\Roaming\Adobe\Bridge CS4\Cache\1024\2009111207B15967\IMG_5228.CR2.jpg.vir
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat appears to be in-use/locked
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat appears to be in-use/locked
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb appears to be in-use/locked
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb appears to be in-use/locked
C:\Windows\System32\config\RegBack\DEFAULT appears to be in-use/locked
C:\Windows\System32\config\RegBack\SAM appears to be in-use/locked
C:\Windows\System32\config\RegBack\SECURITY appears to be in-use/locked
C:\Windows\System32\drivers\sptd.sys appears to be in-use/locked
------------------------------
116765 files scanned
2 Malware file(s) detected
Scan completed at: 23:53:49 20 marras 2009
Total Scan time: 05:48:50
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2592. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:04:29 20 marras 2009
Using Database v7425
Operating System: Windows 7 Home Premium [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Windows\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Windows\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
18:04:29: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************ 18:04:29: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: explorer.exe C:\Windows\explorer.exe 2613248 bytes Created: 9.11.2009 19:19 Modified: 3.8.2009 7:35 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\system32\userinit.exe 26112 bytes Created: 14.7.2009 1:34 Modified: 14.7.2009 3:14 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: F-Secure Manager Value Data: "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE 199264 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:58 Company: F-Secure Corporation -------------------- Value Name: F-Secure TNB Value Data: "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe 2349664 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:57 Company: F-Secure Corporation -------------------- Value Name: CmPCIaudio Value Data: RunDll32 CMICNFG3.cpl,CMICtrlWnd CMICNFG3.cpl - [file not found to scan] -------------------- Value Name: Kernel and Hardware Abstraction Layer Value Data: KHALMNPR.EXE C:\Windows\KHALMNPR.EXE 55824 bytes Created: 12.11.2009 15:25 Modified: 17.6.2009 12:55 Company: Logitech, Inc. 
-------------------- Value Name: BDRegion Value Data: C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\Cyberlink\Shared Files\brs.exe 75048 bytes Created: 15.11.2009 13:26 Modified: 1.9.2009 17:00 Company: cyberlink -------------------- Value Name: StartCCC Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 98304 bytes Created: 4.11.2009 9:52 Modified: 4.11.2009 9:52 Company: Advanced Micro Devices, Inc. -------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 1070984 bytes Created: 20.11.2009 18:01 Modified: 20.11.2009 18:02 Company: Simply Super Software -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: SpeedBitVideoAccelerator Value Data: C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe 1435240 bytes Created: 18.10.2009 18:42 Modified: 18.10.2009 18:42 Company: Speedbit Ltd. 
-------------------- Value Name: DriverMax Value Data: "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent C:\Program Files\Innovative Solutions\DriverMax\devices.exe 7924056 bytes Created: 9.11.2009 20:18 Modified: 30.9.2009 15:48 Company: Innovative Solutions -------------------- Value Name: DriverMax_RESTART Value Data: "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART C:\Program Files\Innovative Solutions\DriverMax\devices.exe 7924056 bytes Created: 9.11.2009 20:18 Modified: 30.9.2009 15:48 Company: Innovative Solutions -------------------- Value Name: DAEMON Tools Lite Value Data: "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun C:\Program Files\DAEMON Tools Lite\DTLite.exe 369200 bytes Created: 30.10.2009 13:57 Modified: 30.10.2009 13:57 Company: DT Soft Ltd -------------------- Value Name: Sidebar Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun C:\Program Files\Windows Sidebar\sidebar.exe 1173504 bytes Created: 14.7.2009 1:41 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- Value Name: EA Core Value Data: "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent C:\Program Files\Electronic Arts\EADM\Core.exe - [file not found to scan] -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 18:04:37: Scanning -----SHELLEXECUTEHOOKS----- ************************************************************ 18:04:37: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 18:04:38: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. 
************************************************************ 18:04:38: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- ************************************************************ 18:04:39: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: UxTuneUp Path: %SystemRoot%\System32\uxtuneup.dll C:\Windows\System32\uxtuneup.dll 30024 bytes Created: 1.11.2009 0:14 Modified: 13.11.2009 10:45 Company: TuneUp Software -------------------- ************************************************************ 18:04:45: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AMD External Events Utility ImagePath: %SystemRoot%\system32\atiesrxx.exe C:\Windows\system32\atiesrxx.exe 172032 bytes Created: 4.11.2009 17:45 Modified: 4.11.2009 17:45 Company: AMD ---------- Key: AmdLLD ImagePath: system32\DRIVERS\AmdLLD.sys C:\Windows\system32\DRIVERS\AmdLLD.sys 42552 bytes Created: 19.11.2009 18:08 Modified: 22.4.2009 14:32 Company: Advanced Micro Devices ---------- Key: AmdPPM ImagePath: system32\DRIVERS\amdppm.sys C:\Windows\system32\DRIVERS\amdppm.sys 52736 bytes Created: 14.7.2009 1:11 Modified: 14.7.2009 1:11 Company: Microsoft Corporation ---------- Key: amdsata ImagePath: \SystemRoot\system32\DRIVERS\amdsata.sys C:\Windows\system32\DRIVERS\amdsata.sys 79952 bytes Created: 10.6.2009 23:19 Modified: 14.7.2009 3:26 Company: Advanced Micro Devices ---------- Key: amdxata ImagePath: system32\DRIVERS\amdxata.sys C:\Windows\system32\DRIVERS\amdxata.sys 23616 bytes Created: 14.7.2009 0:09 Modified: 14.7.2009 3:26 Company: Advanced Micro Devices ---------- Key: archlp ImagePath: system32\drivers\archlp.sys C:\Windows\system32\drivers\archlp.sys - [file not found to scan] ---------- Key: AtiHdmiService ImagePath: system32\drivers\AtiHdmi.sys C:\Windows\system32\drivers\AtiHdmi.sys 104976 bytes Created: 18.11.2009 14:12 Modified: 30.9.2009 16:33 Company: ATI Technologies, Inc. 
---------- Key: cmuda3 ImagePath: system32\drivers\cmudax3.sys C:\Windows\system32\drivers\cmudax3.sys 1872320 bytes Created: 13.11.2009 16:48 Modified: 15.6.2009 15:08 Company: C-Media Inc ---------- Key: F-Secure Filter ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys 39776 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:56 Company: F-Secure Corporation ---------- Key: F-Secure Gatekeeper ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys 101496 bytes Created: 9.11.2009 20:27 Modified: 9.11.2009 20:38 Company: F-Secure Corporation ---------- Key: F-Secure Gatekeeper Handler Starter ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe" C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe 215648 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:56 Company: F-Secure Corporation ---------- Key: F-Secure HIPS ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys C:\Program Files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys 68064 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:58 Company: F-Secure Corporation ---------- Key: F-Secure Recognizer ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys 25184 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:56 Company: F-Secure Corporation ---------- Key: FLEXnet Licensing Service ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 655624 bytes Created: 18.10.2007 16:07 Modified: 18.10.2007 16:07 Company: Acresso Software Inc. 
----------
Key: fsbts
ImagePath: system32\Drivers\fsbts.sys
C:\Windows\system32\Drivers\fsbts.sys
33920 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:39
Company: F-Secure Corporation
----------
Key: FSDFWD
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe"
C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
522848 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:59
Company: F-Secure Corporation
----------
Key: FSES
ImagePath: System32\drivers\fses.sys
C:\Windows\System32\drivers\fses.sys
35680 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
----------
Key: FSFW
ImagePath: System32\drivers\fsdfw.sys
C:\Windows\System32\drivers\fsdfw.sys
71040 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
----------
Key: FSMA
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE"
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
186976 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
----------
Key: FSORSPClient
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe"
C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
55928 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:37
Company: F-Secure Corporation
----------
Key: fssfltr
ImagePath: system32\DRIVERS\fssfltr.sys
C:\Windows\system32\DRIVERS\fssfltr.sys
54632 bytes
Created: 3.10.2009 16:01
Modified: 5.8.2009 21:48
Company: Microsoft Corporation
----------
Key: fsssvc
ImagePath: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
704864 bytes
Created: 5.8.2009 21:48
Modified: 5.8.2009 21:48
Company: Microsoft Corporation
----------
Key: fsvista
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys
12384 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\Windows\system32\DRIVERS\irsir.sys
20992 bytes
Created: 19.1.2008 5:55
Modified: 19.1.2008 5:55
Company: Microsoft Corporation
----------
Key: LGDDCDevice
ImagePath: \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys
C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys
14336 bytes
Created: 3.10.2009 16:08
Modified: 12.12.2008 14:27
Company: [no info]
----------
Key: LGII2CDevice
ImagePath: \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys
C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys
18432 bytes
Created: 3.10.2009 16:08
Modified: 12.12.2008 14:27
Company: [no info]
----------
Key: Nero BackItUp Scheduler 4.0
ImagePath: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
935208 bytes
Created: 23.9.2009 13:38
Modified: 23.9.2009 13:38
Company: Nero AG
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\nvm62x32.sys
C:\Windows\system32\DRIVERS\nvm62x32.sys
347264 bytes
Created: 10.6.2009 23:18
Modified: 14.7.2009 0:02
Company: NVIDIA Corporation
----------
Key: NVNET
ImagePath: system32\DRIVERS\nvmf6232.sys
C:\Windows\system32\DRIVERS\nvmf6232.sys
287392 bytes
Created: 13.11.2009 16:47
Modified: 30.7.2009 17:12
Company: NVIDIA Corporation
----------
Key: nvsmu
ImagePath: system32\DRIVERS\nvsmu.sys
C:\Windows\system32\DRIVERS\nvsmu.sys
17920 bytes
Created: 10.11.2009 21:55
Modified: 29.6.2009 0:36
Company: NVIDIA Corporation
----------
Key: PDAgent
ImagePath: "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe"
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
939272 bytes
Created: 7.10.2009 10:04
Modified: 7.10.2009 10:04
Company: Raxco Software, Inc.
----------
Key: PDEngine
ImagePath: "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe"
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
1033480 bytes
Created: 7.10.2009 10:05
Modified: 7.10.2009 10:05
Company: Raxco Software, Inc.
----------
Key: PnkBstrA
ImagePath: C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrA.exe
66872 bytes
Created: 3.10.2009 14:32
Modified: 3.10.2009 14:32
Company: [no info]
----------
Key: PnkBstrB
ImagePath: C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\PnkBstrB.exe
107832 bytes
Created: 3.10.2009 14:32
Modified: 20.10.2009 16:22
Company: [no info]
----------
Key: rdpbus
ImagePath: \SystemRoot\system32\DRIVERS\rdpbus.sys
C:\Windows\system32\DRIVERS\rdpbus.sys
18944 bytes
Created: 14.7.2009 2:02
Modified: 14.7.2009 2:02
Company: Microsoft Corporation
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
240512 bytes
Created: 19.5.2009 10:36
Modified: 19.5.2009 10:36
Company: Microsoft Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: TuneUp.Defrag
ImagePath: C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
435016 bytes
Created: 1.11.2009 0:14
Modified: 13.11.2009 21:12
Company: TuneUp Software
----------
Key: TuneUp.UtilitiesSvc
ImagePath: "C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe"
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
1021256 bytes
Created: 13.11.2009 10:49
Modified: 13.11.2009 10:49
Company: TuneUp Software
----------
Key: TuneUpUtilitiesDrv
ImagePath: \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
10064 bytes
Created: 14.10.2009 7:24
Modified: 14.10.2009 7:24
Company: TuneUp Software
----------
Key: VideoAcceleratorService
ImagePath: C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
300656 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
----------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUsb.sys
C:\Windows\system32\DRIVERS\WinUsb.sys
34944 bytes
Created: 14.7.2009 1:51
Modified: 14.7.2009 1:51
Company: Microsoft Corporation
----------
Key: wlidsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1533808 bytes
Created: 30.3.2009 15:28
Modified: 30.3.2009 15:28
Company: Microsoft Corporation
----------
Key: {B154377D-700F-42cc-9474-23858FBDF4BD}
ImagePath: \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl
C:\Program Files\CyberLink\PowerDVD9\000.fcl
87536 bytes
Created: 1.9.2009 16:59
Modified: 1.9.2009 16:59
Company: CyberLink Corp.
----------
************************************************************
18:04:48: Scanning -----VXD ENTRIES-----
************************************************************
18:04:48: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]
************************************************************
18:04:48: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
2250024 bytes
Created: 24.9.2009 17:07
Modified: 24.9.2009 17:07
Company: Nero AG
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\Trojan Remover\Trshlex.dll
C:\PROGRA~1\Trojan Remover\Trshlex.dll
479744 bytes
Created: 20.11.2009 18:01
Modified: 3.5.2009 17:16
Company: Simply Super Software
----------
Key: TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path: C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
30536 bytes
Created: 13.11.2009 10:46
Modified: 13.11.2009 10:46
Company: TuneUp Software
----------
Key: {23814B80-52A2-11d0-BC1A-004095606CB9}
Path: C:\Program Files\Sonera\Sonera Tietoturva\Common\fpshx.dll
C:\Program Files\Sonera\Sonera Tietoturva\Common\fpshx.dll
64168 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
************************************************************
18:04:49: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
371712 bytes
Created: 16.4.2009 13:17
Modified: 16.4.2009 13:17
Company: Sun Microsystems, Inc.
----------
Key: {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B}
File: C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
2135336 bytes
Created: 17.9.2009 13:35
Modified: 17.9.2009 13:35
Company: Nero AG
----------
************************************************************
18:04:49: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}
BHO: C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
2655736 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company:
----------
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
137600 bytes
Created: 19.5.2009 10:36
Modified: 19.5.2009 10:36
Company: Microsoft Corporation
----------
Key: {C6867EB7-8350-4856-877F-93CF8AE3DC9C}
BHO: C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
531040 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:59
Company: F-Secure Corporation
----------
Key: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
BHO: C:\Program Files\Windows Live\Toolbar\wltcore.dll
C:\Program Files\Windows Live\Toolbar\wltcore.dll
1068904 bytes
Created: 6.2.2009 17:17
Modified: 6.2.2009 17:17
Company: Microsoft Corporation
----------
Key: {FF7C3CF0-4B15-11D1-ABED-709549C10000}
BHO: C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
185944 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
----------
************************************************************
18:04:49: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
18:04:49: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan
************************************************************
18:04:49: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
18:04:49: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
18:04:49: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
18:04:49: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14.7.2009 6:41
Modified: 15.11.2009 11:26
Company: [no info]
--------------------
************************************************************
18:04:49: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Windows
[C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 2.10.2009 15:57
Modified: 9.11.2009 18:56
Company: [no info]
----------
LimeWire On Startup.lnk - links to C:\PROGRA~1\LimeWire\LimeWire.exe
C:\PROGRA~1\LimeWire\LimeWire.exe
503808 bytes
Created: 30.9.2009 18:06
Modified: 30.9.2009 18:06
Company: Lime Wire, LLC
----------
--------------------
************************************************************
18:04:49: Scanning ----- SCHEDULED TASKS -----
Taskname: {287E119D-0ED2-4C54-8EAE-BA6F9F44F1BB}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\InstallHelper.exe" -c "C:\Program Files\Electronic Arts\The Sims 3\Mods\Packages\[ana@66S] Dinner Party.package"
----------
Taskname: {32FF45E6-7363-42FC-8F4C-881B29EE1347}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\Downloads\SDFix.exe -d C:\Windows\system32
----------
Taskname: {541E934A-7B30-4574-8A04-F70D04FEC31E}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Windows\System\CMICNFG3.cpl
----------
Taskname: {5A1165A9-9E01-4A18-9EC9-F4DCB5277A28}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x000b -removeonly
----------
Taskname: {5A56B5AB-E303-4B18-91FE-F50859537870}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\AppData\Local\Temp\FooPlugin0.9Setup_2.1.exe -d "C:\Program Files\Last.fm" -c /SILENT /DIR="C:\Program Files\Spotify\components\"
----------
Taskname: {76B4052F-5980-44FF-AD04-92B33B076E2D}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\AppData\Local\Temp\Rar$EX00.207\TS3InstallHelper.exe -d C:\Users\Windows\AppData\Local\Temp\Rar$EX00.207 -c /UAC:206D4 /NCRC
----------
Taskname: {AD92A0D9-2C37-4A2B-AE95-3C11C7691D38}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCCHRDWB\Firefox%20Setup%203.5.5[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: {CFC14368-E5C0-48C2-B0C1-56B9AB320110}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXQ0I92F\9-9_vista32-64_hydravision[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: {E06AAB02-A5F7-4881-8E4F-42BEA8EA7F35}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\Downloads\The Sims 3 v1.3.2 Crack +Patch [Hirya]\The Sims 3 v1.27 to v1.3.2.exe" -d "C:\Users\Windows\Downloads\The Sims 3 v1.3.2 Crack +Patch [Hirya]"
----------
Taskname: {EDBCD0B4-46A9-4906-8380-E022F78249FB}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Windows\uninstall\Satellite TV for PC Elite\setup.exe"
----------
Taskname: {F1888B49-A348-447B-9AFF-3C374B53F55B}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTJVF0OU\9-9_vista32_win7_32_dd[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: Automatic troubleshooting
File: C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
316232 bytes
Created: 13.11.2009 10:54
Modified: 13.11.2009 10:54
Company: TuneUp Software
Schedule: Multiple schedule times
Next Run Time: 20.11.2009 20:00:00
Status: Ready
Status:
Comments: Starts automatic troubleshooting at specific times
----------
Taskname: FileHippo.com Update Checker
File: C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
155648 bytes
Created: 28.9.2009 11:49
Modified: 28.9.2009 11:49
Company: FileHippo.com
Parameters: /background
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:81C859F3
----------
Taskname: InstallShield Software update service
File: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Parameters: -startup
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:04D036CE
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe - [file not found to scan]
----------
Taskname: InstallShield Software-Aktualisierungsdienst
File: C:\PROGRA~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe
196608 bytes
Created: 3.10.2009 16:08
Modified: 17.4.2004 11:41
Company: InstallShield Software Corporation
Parameters: -startup
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:7CBD3F7F
----------
Taskname: Java Update Scheduler
File: C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
149280 bytes
Created: 3.10.2009 15:10
Modified: 5.11.2009 16:37
Company: Sun Microsystems, Inc.
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:819099AB
----------
Taskname: TuneUpUtilities_Task_BkGndMaintenance
File: C:\Program Files\TuneUp Utilities 2010\OneClick.exe
C:\Program Files\TuneUp Utilities 2010\OneClick.exe
649544 bytes
Created: 13.11.2009 10:55
Modified: 13.11.2009 10:55
Company: TuneUp Software
Parameters: $(Arg0)
Schedule: Task not scheduled
Next Run Time:
Status: Ready
Status:
Comments:
----------
Taskname: User_Feed_Synchronization-{BCAE4A76-79EC-4515-8B11-3CC294757FFB}
File: C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\msfeedssync.exe
12800 bytes
Created: 14.7.2009 1:42
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
Parameters: sync
Schedule: At 16:06:02 every day
Next Run Time: 20.11.2009 18:06:02
Status: Ready
Status: Windows-PC\Windows
Comments: Päivittää vanhentuneet järjestelmäsyötteet.
----------
************************************************************
18:04:50: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File: %SystemRoot%\system32\ntshrui.dll
C:\Windows\system32\ntshrui.dll
442880 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:16
Company: Microsoft Corporation
----------
************************************************************
18:04:50: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.divxa32
File: msaud32_divx.acm
C:\Windows\system32\msaud32_divx.acm
186368 bytes
Created: 3.2.2003 8:01
Modified: 3.2.2003 8:01
Company: Microsoft Corporation
----------
Value: msacm.l3codecp
File: l3codecp.acm
C:\Windows\system32\l3codecp.acm
220672 bytes
Created: 14.7.2009 2:09
Modified: 14.7.2009 3:14
Company: Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: vidc.VP60
File: C:\Windows\system32\vp6vfw.dll
C:\Windows\system32\vp6vfw.dll
-R- 447752 bytes
Created: 4.9.2008 20:17
Modified: 4.9.2008 20:17
Company: On2.com
----------
Value: vidc.VP61
File: C:\Windows\system32\vp6vfw.dll
C:\Windows\system32\vp6vfw.dll - file already scanned
----------
************************************************************
18:04:51: ----- ADDITIONAL CHECKS -----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp
C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp
5184054 bytes
Created: 25.10.2009 16:58
Modified: 19.11.2009 23:44
Company: [no info]
----------
Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\img24.jpg
C:\Windows\web\wallpaper\img24.jpg - [file not found to scan]
----------
DNS Server information:
Interface: NVIDIA nForce Networking Controller
NameServers: 66.90.65.89,4.2.2.1
Checks for rogue DNS NameServers completed
----------
Additional checks completed
************************************************************
18:04:51: Scanning ----- RUNNING PROCESSES -----
C:\Windows\System32\smss.exe
69632 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe
6144 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\wininit.exe
96256 bytes
Created: 14.7.2009 1:36
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe - file already scanned
--------------------
C:\Windows\system32\services.exe
259072 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsass.exe
22528 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsm.exe
261120 bytes
Created: 14.7.2009 2:02
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\winlogon.exe
285696 bytes
Created: 14.7.2009 1:37
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe
20992 bytes
Created: 14.7.2009 1:19
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\atiesrxx.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\atieclxx.exe
360448 bytes
Created: 4.11.2009 17:45
Modified: 4.11.2009 17:45
Company: AMD
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\spoolsv.exe
316416 bytes
Created: 14.7.2009 2:18
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
144672 bytes
Created: 28.8.2009 18:42
Modified: 28.8.2009 18:42
Company: Apple Inc.
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12.12.2008 10:17
Modified: 12.12.2008 10:17
Company: Apple Inc.
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
476800 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:36
Company: F-Secure Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE - file already scanned
--------------------
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
73728 bytes
Created: 20.8.2009 13:34
Modified: 20.8.2009 13:34
Company: Hewlett-Packard Company
--------------------
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe - file already scanned
--------------------
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe - file already scanned
--------------------
C:\Windows\system32\PnkBstrA.exe - file already scanned
--------------------
C:\Windows\system32\PnkBstrB.exe - file already scanned
--------------------
C:\Windows\system32\Dwm.exe
92672 bytes
Created: 14.7.2009 1:24
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\Explorer.EXE - file already scanned
--------------------
C:\Windows\system32\taskhost.exe
49152 bytes
Created: 14.7.2009 1:19
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe - file already scanned
--------------------
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - file already scanned
--------------------
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
140920 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
--------------------
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
486216 bytes
Created: 13.11.2009 10:51
Modified: 13.11.2009 10:51
Company: TuneUp Software
--------------------
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe - file already scanned
--------------------
C:\Windows\System32\rundll32.exe
44544 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Program Files\CyberLink\Shared files\brs.exe - file already scanned
--------------------
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe - file already scanned
--------------------
C:\Program Files\Innovative Solutions\DriverMax\devices.exe - file already scanned
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
65536 bytes
Created: 22.4.2009 17:38
Modified: 22.4.2009 17:38
Company: Advanced Micro Devices Inc.
--------------------
C:\Program Files\Windows Sidebar\sidebar.exe - file already scanned
--------------------
C:\Program Files\LimeWire\LimeWire.exe
503808 bytes
Created: 30.9.2009 18:06
Modified: 30.9.2009 18:06
Company: Lime Wire, LLC
--------------------
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
66824 bytes
Created: 7.10.2009 10:05
Modified: 7.10.2009 10:05
Company: Raxco Software, Inc.
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
183152 bytes
Created: 30.3.2009 15:28
Modified: 30.3.2009 15:28
Company: Microsoft Corporation
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fssm32.exe
599168 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:36
Company: F-Secure Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
65536 bytes
Created: 22.4.2009 17:37
Modified: 22.4.2009 17:37
Company: ATI Technologies Inc.
--------------------
C:\Windows\system32\WUDFHost.exe
195584 bytes
Created: 14.7.2009 1:50
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
1121280 bytes
Created: 14.7.2009 2:09
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Program Files\AMD\AMD Power Monitor\AMD Power Monitor.exe
470016 bytes
Created: 21.5.2009 5:54
Modified: 21.5.2009 5:54
Company:
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Spotify\spotify.exe
2876144 bytes
Created: 7.10.2009 20:02
Modified: 6.11.2009 16:12
Company: Spotify AB
--------------------
C:\Program Files\uTorrent\uTorrent.exe
289072 bytes
Created: 3.10.2009 17:23
Modified: 3.10.2009 17:23
Company: BitTorrent, Inc.
--------------------
C:\Program Files\DAEMON Tools Lite\DTLite.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3883856 bytes
Created: 26.7.2009 15:44
Modified: 26.7.2009 15:44
Company: Microsoft Corporation
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSHDLL32.EXE
88672 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsav32.exe
347776 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:38
Company: F-Secure Corporation
--------------------
C:\Program Files\Windows Live\Contacts\wlcomm.exe
27512 bytes
Created: 6.2.2009 16:07
Modified: 6.2.2009 16:07
Company: Microsoft Corporation
--------------------
C:\Windows\explorer.exe - file already scanned
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
908248 bytes
Created: 24.10.2009 20:37
Modified: 3.11.2009 5:31
Company: Mozilla Corporation
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 3101560
[This is a Trojan Remover component]
--------------------
************************************************************
18:04:54: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.google.fi/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 18:04:54 20 marras 2009
Total Scan time: 00:00:25
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2592. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:03:11 20 marras 2009
Using Database v7425
Operating System: Windows 7 Home Premium [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Windows\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Windows\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
18:03:11: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
18:03:11: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2613248 bytes
Created: 9.11.2009 19:19
Modified: 3.8.2009 7:35
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
26112 bytes
Created: 14.7.2009 1:34
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: F-Secure Manager
Value Data: "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE
199264 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
--------------------
Value Name: F-Secure TNB
Value Data: "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe
2349664 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
--------------------
Value Name: CmPCIaudio
Value Data: RunDll32 CMICNFG3.cpl,CMICtrlWnd
CMICNFG3.cpl - [file not found to scan]
--------------------
Value Name: Kernel and Hardware Abstraction Layer
Value Data: KHALMNPR.EXE
C:\Windows\KHALMNPR.EXE
55824 bytes
Created: 12.11.2009 15:25
Modified: 17.6.2009 12:55
Company: Logitech, Inc.
--------------------
Value Name: BDRegion
Value Data: C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
75048 bytes
Created: 15.11.2009 13:26
Modified: 1.9.2009 17:00
Company: cyberlink
--------------------
Value Name: StartCCC
Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
98304 bytes
Created: 4.11.2009 9:52
Modified: 4.11.2009 9:52
Company: Advanced Micro Devices, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 20.11.2009 18:01
Modified: 20.11.2009 18:02
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: SpeedBitVideoAccelerator
Value Data: C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
1435240 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
--------------------
Value Name: DriverMax
Value Data: "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
7924056 bytes
Created: 9.11.2009 20:18
Modified: 30.9.2009 15:48
Company: Innovative Solutions
--------------------
Value Name: DriverMax_RESTART
Value Data: "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
7924056 bytes
Created: 9.11.2009 20:18
Modified: 30.9.2009 15:48
Company: Innovative Solutions
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
C:\Program Files\DAEMON Tools Lite\DTLite.exe
369200 bytes
Created: 30.10.2009 13:57
Modified: 30.10.2009 13:57
Company: DT Soft Ltd
--------------------
Value Name: Sidebar
Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe
1173504 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
Value Name: EA Core
Value Data: "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
C:\Program Files\Electronic Arts\EADM\Core.exe - [file not found to scan]
-------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 18:03:13: Scanning -----SHELLEXECUTEHOOKS----- ************************************************************ 18:03:13: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 18:03:13: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. ************************************************************ 18:03:13: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- ************************************************************ 18:03:13: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: UxTuneUp Path: %SystemRoot%\System32\uxtuneup.dll C:\Windows\System32\uxtuneup.dll 30024 bytes Created: 1.11.2009 0:14 Modified: 13.11.2009 10:45 Company: TuneUp Software -------------------- ************************************************************ 18:03:14: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AMD External Events Utility ImagePath: %SystemRoot%\system32\atiesrxx.exe C:\Windows\system32\atiesrxx.exe 172032 bytes Created: 4.11.2009 17:45 Modified: 4.11.2009 17:45 Company: AMD ---------- Key: AmdLLD ImagePath: system32\DRIVERS\AmdLLD.sys C:\Windows\system32\DRIVERS\AmdLLD.sys 42552 bytes Created: 19.11.2009 18:08 Modified: 22.4.2009 14:32 Company: Advanced Micro Devices ---------- Key: AmdPPM ImagePath: system32\DRIVERS\amdppm.sys C:\Windows\system32\DRIVERS\amdppm.sys 52736 bytes Created: 14.7.2009 1:11 Modified: 14.7.2009 1:11 Company: Microsoft Corporation ---------- Key: amdsata ImagePath: \SystemRoot\system32\DRIVERS\amdsata.sys C:\Windows\system32\DRIVERS\amdsata.sys 79952 bytes Created: 10.6.2009 23:19 Modified: 14.7.2009 3:26 Company: Advanced Micro Devices ---------- Key: amdxata ImagePath: 
system32\DRIVERS\amdxata.sys C:\Windows\system32\DRIVERS\amdxata.sys 23616 bytes Created: 14.7.2009 0:09 Modified: 14.7.2009 3:26 Company: Advanced Micro Devices ---------- Key: archlp ImagePath: system32\drivers\archlp.sys C:\Windows\system32\drivers\archlp.sys - [file not found to scan] ---------- Key: AtiHdmiService ImagePath: system32\drivers\AtiHdmi.sys C:\Windows\system32\drivers\AtiHdmi.sys 104976 bytes Created: 18.11.2009 14:12 Modified: 30.9.2009 16:33 Company: ATI Technologies, Inc. ---------- Key: cmuda3 ImagePath: system32\drivers\cmudax3.sys C:\Windows\system32\drivers\cmudax3.sys 1872320 bytes Created: 13.11.2009 16:48 Modified: 15.6.2009 15:08 Company: C-Media Inc ---------- Key: F-Secure Filter ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys 39776 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:56 Company: F-Secure Corporation ---------- Key: F-Secure Gatekeeper ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys 101496 bytes Created: 9.11.2009 20:27 Modified: 9.11.2009 20:38 Company: F-Secure Corporation ---------- Key: F-Secure Gatekeeper Handler Starter ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe" C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe 215648 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:56 Company: F-Secure Corporation ---------- Key: F-Secure HIPS ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys C:\Program Files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys 68064 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:58 Company: F-Secure Corporation ---------- Key: F-Secure Recognizer ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys C:\Program Files\Sonera\Sonera 
Tietoturva\Anti-Virus\Win2K\FSrec.sys 25184 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:56 Company: F-Secure Corporation ---------- Key: FLEXnet Licensing Service ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 655624 bytes Created: 18.10.2007 16:07 Modified: 18.10.2007 16:07 Company: Acresso Software Inc. ---------- Key: fsbts ImagePath: system32\Drivers\fsbts.sys C:\Windows\system32\Drivers\fsbts.sys 33920 bytes Created: 9.11.2009 20:27 Modified: 9.11.2009 20:39 Company: F-Secure Corporation ---------- Key: FSDFWD ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe" C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe 522848 bytes Created: 9.11.2009 20:27 Modified: 9.11.2009 20:59 Company: F-Secure Corporation ---------- Key: FSES ImagePath: System32\drivers\fses.sys C:\Windows\System32\drivers\fses.sys 35680 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:57 Company: F-Secure Corporation ---------- Key: FSFW ImagePath: System32\drivers\fsdfw.sys C:\Windows\System32\drivers\fsdfw.sys 71040 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:57 Company: F-Secure Corporation ---------- Key: FSMA ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE" C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE 186976 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:58 Company: F-Secure Corporation ---------- Key: FSORSPClient ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe" C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe 55928 bytes Created: 9.11.2009 20:27 Modified: 9.11.2009 20:37 Company: F-Secure Corporation ---------- Key: fssfltr ImagePath: system32\DRIVERS\fssfltr.sys C:\Windows\system32\DRIVERS\fssfltr.sys 54632 bytes Created: 3.10.2009 16:01 Modified: 5.8.2009 21:48 Company: Microsoft 
Corporation ---------- Key: fsssvc ImagePath: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe" C:\Program Files\Windows Live\Family Safety\fsssvc.exe 704864 bytes Created: 5.8.2009 21:48 Modified: 5.8.2009 21:48 Company: Microsoft Corporation ---------- Key: fsvista ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys 12384 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:56 Company: F-Secure Corporation ---------- Key: irsir ImagePath: system32\DRIVERS\irsir.sys C:\Windows\system32\DRIVERS\irsir.sys 20992 bytes Created: 19.1.2008 5:55 Modified: 19.1.2008 5:55 Company: Microsoft Corporation ---------- Key: LGDDCDevice ImagePath: \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys 14336 bytes Created: 3.10.2009 16:08 Modified: 12.12.2008 14:27 Company: [no info] ---------- Key: LGII2CDevice ImagePath: \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys 18432 bytes Created: 3.10.2009 16:08 Modified: 12.12.2008 14:27 Company: [no info] ---------- Key: Nero BackItUp Scheduler 4.0 ImagePath: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 935208 bytes Created: 23.9.2009 13:38 Modified: 23.9.2009 13:38 Company: Nero AG ---------- Key: NVENETFD ImagePath: system32\DRIVERS\nvm62x32.sys C:\Windows\system32\DRIVERS\nvm62x32.sys 347264 bytes Created: 10.6.2009 23:18 Modified: 14.7.2009 0:02 Company: NVIDIA Corporation ---------- Key: NVNET ImagePath: system32\DRIVERS\nvmf6232.sys C:\Windows\system32\DRIVERS\nvmf6232.sys 287392 bytes Created: 13.11.2009 16:47 Modified: 30.7.2009 17:12 Company: NVIDIA Corporation ---------- Key: nvsmu ImagePath: system32\DRIVERS\nvsmu.sys C:\Windows\system32\DRIVERS\nvsmu.sys 17920 bytes 
Created: 10.11.2009 21:55 Modified: 29.6.2009 0:36 Company: NVIDIA Corporation ---------- Key: PDAgent ImagePath: "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe" C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe 939272 bytes Created: 7.10.2009 10:04 Modified: 7.10.2009 10:04 Company: Raxco Software, Inc. ---------- Key: PDEngine ImagePath: "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe" C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe 1033480 bytes Created: 7.10.2009 10:05 Modified: 7.10.2009 10:05 Company: Raxco Software, Inc. ---------- Key: PnkBstrA ImagePath: C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\PnkBstrA.exe 66872 bytes Created: 3.10.2009 14:32 Modified: 3.10.2009 14:32 Company: [no info] ---------- Key: PnkBstrB ImagePath: C:\Windows\system32\PnkBstrB.exe C:\Windows\system32\PnkBstrB.exe 107832 bytes Created: 3.10.2009 14:32 Modified: 20.10.2009 16:22 Company: [no info] ---------- Key: rdpbus ImagePath: \SystemRoot\system32\DRIVERS\rdpbus.sys C:\Windows\system32\DRIVERS\rdpbus.sys 18944 bytes Created: 14.7.2009 2:02 Modified: 14.7.2009 2:02 Company: Microsoft Corporation ---------- Key: SeaPort ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 240512 bytes Created: 19.5.2009 10:36 Modified: 19.5.2009 10:36 Company: Microsoft Corporation ---------- Key: sptd ImagePath: System32\Drivers\sptd.sys - this file is globally excluded ---------- Key: TuneUp.Defrag ImagePath: C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe 435016 bytes Created: 1.11.2009 0:14 Modified: 13.11.2009 21:12 Company: TuneUp Software ---------- Key: TuneUp.UtilitiesSvc ImagePath: "C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe 1021256 bytes Created: 13.11.2009 10:49 Modified: 13.11.2009 10:49 Company: 
TuneUp Software ---------- Key: TuneUpUtilitiesDrv ImagePath: \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 10064 bytes Created: 14.10.2009 7:24 Modified: 14.10.2009 7:24 Company: TuneUp Software ---------- Key: VideoAcceleratorService ImagePath: C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe 300656 bytes Created: 18.10.2009 18:42 Modified: 18.10.2009 18:42 Company: Speedbit Ltd. ---------- Key: WinUsb ImagePath: system32\DRIVERS\WinUsb.sys C:\Windows\system32\DRIVERS\WinUsb.sys 34944 bytes Created: 14.7.2009 1:51 Modified: 14.7.2009 1:51 Company: Microsoft Corporation ---------- Key: wlidsvc ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 1533808 bytes Created: 30.3.2009 15:28 Modified: 30.3.2009 15:28 Company: Microsoft Corporation ---------- Key: {B154377D-700F-42cc-9474-23858FBDF4BD} ImagePath: \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl C:\Program Files\CyberLink\PowerDVD9\000.fcl 87536 bytes Created: 1.9.2009 16:59 Modified: 1.9.2009 16:59 Company: CyberLink Corp. 
---------- ************************************************************ 18:03:35: Scanning -----VXD ENTRIES----- ************************************************************ 18:03:35: Scanning ----- WINLOGON\NOTIFY DLLS ----- No WINLOGON\NOTIFY DLLs found to scan Rootkit scan of Winlogon\Notify key not possible [key may not exist] ************************************************************ 18:03:35: Scanning ----- CONTEXTMENUHANDLERS ----- Key: Cover Designer CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} Path: C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll 2250024 bytes Created: 24.9.2009 17:07 Modified: 24.9.2009 17:07 Company: Nero AG ---------- Key: Trojan Remover CLSID: {52B87208-9CCF-42C9-B88E-069281105805} Path: C:\PROGRA~1\Trojan Remover\Trshlex.dll C:\PROGRA~1\Trojan Remover\Trshlex.dll 479744 bytes Created: 20.11.2009 18:01 Modified: 3.5.2009 17:16 Company: Simply Super Software ---------- Key: TuneUp Shredder Shell Extension CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} Path: C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll 30536 bytes Created: 13.11.2009 10:46 Modified: 13.11.2009 10:46 Company: TuneUp Software ---------- Key: {23814B80-52A2-11d0-BC1A-004095606CB9} Path: C:\Program Files\Sonera\Sonera Tietoturva\Common\fpshx.dll C:\Program Files\Sonera\Sonera Tietoturva\Common\fpshx.dll 64168 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:56 Company: F-Secure Corporation ---------- ************************************************************ 18:03:36: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 371712 bytes Created: 16.4.2009 13:17 Modified: 16.4.2009 13:17 Company: Sun Microsystems, Inc. 
---------- Key: {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} File: C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll 2135336 bytes Created: 17.9.2009 13:35 Modified: 17.9.2009 13:35 Company: Nero AG ---------- ************************************************************ 18:03:36: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} BHO: C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll 2655736 bytes Created: 18.10.2009 18:42 Modified: 18.10.2009 18:42 Company: ---------- Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll 137600 bytes Created: 19.5.2009 10:36 Modified: 19.5.2009 10:36 Company: Microsoft Corporation ---------- Key: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} BHO: C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll 531040 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:59 Company: F-Secure Corporation ---------- Key: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} BHO: C:\Program Files\Windows Live\Toolbar\wltcore.dll C:\Program Files\Windows Live\Toolbar\wltcore.dll 1068904 bytes Created: 6.2.2009 17:17 Modified: 6.2.2009 17:17 Company: Microsoft Corporation ---------- Key: {FF7C3CF0-4B15-11D1-ABED-709549C10000} BHO: C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll 185944 bytes Created: 18.10.2009 18:42 Modified: 18.10.2009 18:42 Company: Speedbit Ltd. 
---------- ************************************************************ 18:03:36: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 18:03:36: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- No SharedTaskScheduler entries found to scan ************************************************************ 18:03:36: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ************************************************************ 18:03:36: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank or does not exist ************************************************************ 18:03:36: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 18:03:36: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 14.7.2009 6:41 Modified: 15.11.2009 11:26 Company: [no info] -------------------- ************************************************************ 18:03:36: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: Windows [C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 2.10.2009 15:57 Modified: 9.11.2009 18:56 Company: [no info] ---------- LimeWire On Startup.lnk - links to C:\PROGRA~1\LimeWire\LimeWire.exe C:\PROGRA~1\LimeWire\LimeWire.exe 503808 bytes Created: 30.9.2009 18:06 Modified: 30.9.2009 18:06 Company: Lime Wire, LLC ---------- -------------------- ************************************************************ 18:03:37: Scanning ----- SCHEDULED TASKS ----- Taskname: {287E119D-0ED2-4C54-8EAE-BA6F9F44F1BB} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: 
-a "C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\InstallHelper.exe" -c "C:\Program Files\Electronic Arts\The Sims 3\Mods\Packages\[ana@66S] Dinner Party.package" ---------- Taskname: {32FF45E6-7363-42FC-8F4C-881B29EE1347} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a C:\Users\Windows\Downloads\SDFix.exe -d C:\Windows\system32 ---------- Taskname: {541E934A-7B30-4574-8A04-F70D04FEC31E} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a C:\Windows\System\CMICNFG3.cpl ---------- Taskname: {5A1165A9-9E01-4A18-9EC9-F4DCB5277A28} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a "C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x000b -removeonly ---------- Taskname: {5A56B5AB-E303-4B18-91FE-F50859537870} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a C:\Users\Windows\AppData\Local\Temp\FooPlugin0.9Setup_2.1.exe -d "C:\Program Files\Last.fm" -c /SILENT /DIR="C:\Program Files\Spotify\components\" ---------- Taskname: {76B4052F-5980-44FF-AD04-92B33B076E2D} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a C:\Users\Windows\AppData\Local\Temp\Rar$EX00.207\TS3InstallHelper.exe -d C:\Users\Windows\AppData\Local\Temp\Rar$EX00.207 -c /UAC:206D4 /NCRC ---------- Taskname: {AD92A0D9-2C37-4A2B-AE95-3C11C7691D38} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCCHRDWB\Firefox%20Setup%203.5.5[1].exe" -d C:\Users\Windows\Desktop ---------- Taskname: {CFC14368-E5C0-48C2-B0C1-56B9AB320110} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXQ0I92F\9-9_vista32-64_hydravision[1].exe" -d C:\Users\Windows\Desktop ---------- Taskname: 
{E06AAB02-A5F7-4881-8E4F-42BEA8EA7F35} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a "C:\Users\Windows\Downloads\The Sims 3 v1.3.2 Crack +Patch [Hirya]\The Sims 3 v1.27 to v1.3.2.exe" -d "C:\Users\Windows\Downloads\The Sims 3 v1.3.2 Crack +Patch [Hirya]" ---------- Taskname: {EDBCD0B4-46A9-4906-8380-E022F78249FB} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a "C:\Windows\uninstall\Satellite TV for PC Elite\setup.exe" ---------- Taskname: {F1888B49-A348-447B-9AFF-3C374B53F55B} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTJVF0OU\9-9_vista32_win7_32_dd[1].exe" -d C:\Users\Windows\Desktop ---------- Taskname: Automatic troubleshooting File: C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe 316232 bytes Created: 13.11.2009 10:54 Modified: 13.11.2009 10:54 Company: TuneUp Software Schedule: Multiple schedule times Next Run Time: 20.11.2009 20:00:00 Status: Ready Status: Comments: Starts automatic troubleshooting at specific times ---------- Taskname: FileHippo.com Update Checker File: C:\Program Files\FileHippo.com\UpdateChecker.exe C:\Program Files\FileHippo.com\UpdateChecker.exe 155648 bytes Created: 28.9.2009 11:49 Modified: 28.9.2009 11:49 Company: FileHippo.com Parameters: /background Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008 Next Run Time: 23.11.2009 10:00:00 Status: Ready Status: TuneUp Comments: tuident:81C859F3 ---------- Taskname: InstallShield Software update service File: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe Parameters: -startup Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008 Next Run Time: 23.11.2009 10:00:00 Status: Ready Status: TuneUp Comments: tuident:04D036CE C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe - [file not found to scan] 
---------- Taskname: InstallShield Software-Aktualisierungsdienst File: C:\PROGRA~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe C:\PROGRA~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe 196608 bytes Created: 3.10.2009 16:08 Modified: 17.4.2004 11:41 Company: InstallShield Software Corporation Parameters: -startup Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008 Next Run Time: 23.11.2009 10:00:00 Status: Ready Status: TuneUp Comments: tuident:7CBD3F7F ---------- Taskname: Java Update Scheduler File: C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Java\jre6\bin\jusched.exe 149280 bytes Created: 3.10.2009 15:10 Modified: 5.11.2009 16:37 Company: Sun Microsystems, Inc. Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008 Next Run Time: 23.11.2009 10:00:00 Status: Ready Status: TuneUp Comments: tuident:819099AB ---------- Taskname: TuneUpUtilities_Task_BkGndMaintenance File: C:\Program Files\TuneUp Utilities 2010\OneClick.exe C:\Program Files\TuneUp Utilities 2010\OneClick.exe 649544 bytes Created: 13.11.2009 10:55 Modified: 13.11.2009 10:55 Company: TuneUp Software Parameters: $(Arg0) Schedule: Task not scheduled Next Run Time: Status: Ready Status: Comments: ---------- Taskname: User_Feed_Synchronization-{BCAE4A76-79EC-4515-8B11-3CC294757FFB} File: C:\Windows\system32\msfeedssync.exe C:\Windows\system32\msfeedssync.exe 12800 bytes Created: 14.7.2009 1:42 Modified: 14.7.2009 3:14 Company: Microsoft Corporation Parameters: sync Schedule: At 16:06:02 every day Next Run Time: 20.11.2009 18:06:02 Status: Ready Status: Windows-PC\Windows Comments: Päivittää vanhentuneet järjestelmäsyötteet. 
---------- ************************************************************ 18:03:38: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.dll C:\Windows\system32\ntshrui.dll 442880 bytes Created: 14.7.2009 1:41 Modified: 14.7.2009 3:16 Company: Microsoft Corporation ---------- ************************************************************ 18:03:38: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: msacm.divxa32 File: msaud32_divx.acm C:\Windows\system32\msaud32_divx.acm 186368 bytes Created: 3.2.2003 8:01 Modified: 3.2.2003 8:01 Company: Microsoft Corporation ---------- Value: msacm.l3codecp File: l3codecp.acm C:\Windows\system32\l3codecp.acm 220672 bytes Created: 14.7.2009 2:09 Modified: 14.7.2009 3:14 Company: Fraunhofer Institut Integrierte Schaltungen IIS ---------- Value: vidc.VP60 File: C:\Windows\system32\vp6vfw.dll C:\Windows\system32\vp6vfw.dll -R- 447752 bytes Created: 4.9.2008 20:17 Modified: 4.9.2008 20:17 Company: On2.com ---------- Value: vidc.VP61 File: C:\Windows\system32\vp6vfw.dll C:\Windows\system32\vp6vfw.dll - file already scanned ---------- ************************************************************ 18:03:38: ----- ADDITIONAL CHECKS ----- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp 5184054 bytes Created: 25.10.2009 16:58 Modified: 19.11.2009 23:44 Company: [no info] ---------- Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\img24.jpg C:\Windows\web\wallpaper\img24.jpg - [file not found to scan] ---------- DNS Server information: Interface: NVIDIA nForce Networking Controller NameServers: 
66.90.65.89,4.2.2.1 Checks for rogue DNS NameServers completed ---------- Additional checks completed ************************************************************ 18:03:39: Scanning ----- RUNNING PROCESSES ----- C:\Windows\System32\smss.exe 69632 bytes Created: 14.7.2009 1:11 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\csrss.exe 6144 bytes Created: 14.7.2009 1:11 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\wininit.exe 96256 bytes Created: 14.7.2009 1:36 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\csrss.exe - file already scanned -------------------- C:\Windows\system32\services.exe 259072 bytes Created: 14.7.2009 1:11 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\lsass.exe 22528 bytes Created: 14.7.2009 1:11 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\lsm.exe 261120 bytes Created: 14.7.2009 2:02 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\winlogon.exe 285696 bytes Created: 14.7.2009 1:37 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\svchost.exe 20992 bytes Created: 14.7.2009 1:19 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\system32\atiesrxx.exe - file already scanned -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\system32\atieclxx.exe 360448 bytes Created: 4.11.2009 17:45 Modified: 4.11.2009 17:45 
Company: AMD -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\System32\spoolsv.exe 316416 bytes Created: 14.7.2009 2:18 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 144672 bytes Created: 28.8.2009 18:42 Modified: 28.8.2009 18:42 Company: Apple Inc. -------------------- C:\Program Files\Bonjour\mDNSResponder.exe 238888 bytes Created: 12.12.2008 10:17 Modified: 12.12.2008 10:17 Company: Apple Inc. -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe - file already scanned -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\FSGK32.EXE 476800 bytes Created: 9.11.2009 20:27 Modified: 9.11.2009 20:36 Company: F-Secure Corporation -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE - file already scanned -------------------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe 73728 bytes Created: 20.8.2009 13:34 Modified: 20.8.2009 13:34 Company: Hewlett-Packard Company -------------------- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe - file already scanned -------------------- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe - file already scanned -------------------- C:\Windows\system32\PnkBstrA.exe - file already scanned -------------------- C:\Windows\system32\PnkBstrB.exe - file already scanned -------------------- C:\Windows\system32\Dwm.exe 92672 bytes Created: 14.7.2009 1:24 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\Explorer.EXE - file already scanned -------------------- C:\Windows\system32\taskhost.exe 49152 bytes Created: 14.7.2009 1:19 Modified: 14.7.2009 3:14 Company: Microsoft 
Corporation -------------------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe - file already scanned -------------------- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe - file already scanned -------------------- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - file already scanned -------------------- C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe 140920 bytes Created: 18.10.2009 18:42 Modified: 18.10.2009 18:42 Company: Speedbit Ltd. -------------------- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe 486216 bytes Created: 13.11.2009 10:51 Modified: 13.11.2009 10:51 Company: TuneUp Software -------------------- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe - file already scanned -------------------- C:\Windows\System32\rundll32.exe 44544 bytes Created: 14.7.2009 1:41 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Program Files\CyberLink\Shared files\brs.exe - file already scanned -------------------- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe - file already scanned -------------------- C:\Program Files\Innovative Solutions\DriverMax\devices.exe - file already scanned -------------------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 65536 bytes Created: 22.4.2009 17:38 Modified: 22.4.2009 17:38 Company: Advanced Micro Devices Inc. 
-------------------- C:\Program Files\Windows Sidebar\sidebar.exe - file already scanned -------------------- C:\Program Files\LimeWire\LimeWire.exe 503808 bytes Created: 30.9.2009 18:06 Modified: 30.9.2009 18:06 Company: Lime Wire, LLC -------------------- C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe 66824 bytes Created: 7.10.2009 10:05 Modified: 7.10.2009 10:05 Company: Raxco Software, Inc. -------------------- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 183152 bytes Created: 30.3.2009 15:28 Modified: 30.3.2009 15:28 Company: Microsoft Corporation -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fssm32.exe 599168 bytes Created: 9.11.2009 20:27 Modified: 9.11.2009 20:36 Company: F-Secure Corporation -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 65536 bytes Created: 22.4.2009 17:37 Modified: 22.4.2009 17:37 Company: ATI Technologies Inc. 
-------------------- C:\Windows\system32\WUDFHost.exe 195584 bytes Created: 14.7.2009 1:50 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Program Files\Windows Media Player\wmpnetwk.exe 1121280 bytes Created: 14.7.2009 2:09 Modified: 14.7.2009 3:14 Company: Microsoft Corporation -------------------- C:\Program Files\AMD\AMD Power Monitor\AMD Power Monitor.exe 470016 bytes Created: 21.5.2009 5:54 Modified: 21.5.2009 5:54 Company: -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Program Files\Spotify\spotify.exe 2876144 bytes Created: 7.10.2009 20:02 Modified: 6.11.2009 16:12 Company: Spotify AB -------------------- C:\Program Files\uTorrent\uTorrent.exe 289072 bytes Created: 3.10.2009 17:23 Modified: 3.10.2009 17:23 Company: BitTorrent, Inc. -------------------- C:\Program Files\DAEMON Tools Lite\DTLite.exe - file already scanned -------------------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3883856 bytes Created: 26.7.2009 15:44 Modified: 26.7.2009 15:44 Company: Microsoft Corporation -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Common\FSHDLL32.EXE 88672 bytes Created: 9.11.2009 20:27 Modified: 5.8.2009 17:58 Company: F-Secure Corporation -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE - file already scanned -------------------- C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe - file already scanned -------------------- C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe - file already scanned -------------------- C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsav32.exe 347776 bytes Created: 9.11.2009 20:27 Modified: 9.11.2009 20:38 Company: F-Secure Corporation -------------------- C:\Program Files\Windows Live\Contacts\wlcomm.exe 27512 bytes Created: 6.2.2009 16:07 Modified: 6.2.2009 16:07 Company: Microsoft 
Corporation -------------------- C:\Windows\explorer.exe - file already scanned -------------------- C:\Program Files\Mozilla Firefox\firefox.exe 908248 bytes Created: 24.10.2009 20:37 Modified: 3.11.2009 5:31 Company: Mozilla Corporation -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Program Files\Trojan Remover\Rmvtrjan.exe FileSize: 3101560 [This is a Trojan Remover component] -------------------- ************************************************************ 18:03:52: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.google.fi/ HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896 ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 18:03:52 20 marras 2009 Total Scan time: 00:00:41 ************************************************************
Let's send the file to VirusTotal (virustotal).
1. Click the Browse... button.
2. Then browse to this file: C:\Windows\system32\ojz1130.tmp.exe
3. Click the Open button.
4. Click the Send button.
5. The site will scan the file for a moment; then save the results you get, for example in Notepad.
Also check in the file's properties which company the file belongs to.
That file can no longer be found on my computer. Could it be under a different name, or was it removed when I used Trojan Remover?
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:27:28, on 23.10.2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Windows\system\CMGxMon.exe C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE C:\Windows\System32\wpcumi.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\p2phost.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe C:\Windows\System32\ojz1130.tmp.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe C:\Program Files\Uniblue\RegistryBooster 2009\registrybooster.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Yamicsoft\Vista Manager\VistaManager.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Cmaudio8768GX] C:\Windows\system\CmGXMon.exe Envoke O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] 
"C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe O4 - HKCU\..\Run: [ojz1130.tmp.exe] C:\Windows\system32\ojz1130.tmp.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [UnibluePowerSuite] C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu') O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll O10 - Unknown file in Winsock 
LSP: c:\progra~1\speedb~2\sblsp.dll O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll O13 - Gopher Prefix: O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{B6446A87-6AF1-4B6A-946A-ABC56B11F795}: NameServer = 66.90.65.89,4.2.2.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe -- End of file - 9352 bytes
http://www.windowsecurity.com/trojanscan/trojanscan.asp I'm currently loading the virus/trojan information. According to it there are 88 nasties on my computer, some low level, some medium, and it has only scanned about 10% so far.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:24:27, on 21.11.2009 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE C:\Windows\System32\rundll32.exe C:\Program Files\CyberLink\Shared files\brs.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Trojan Remover\Rmvtrjan.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Last.fm\LastFM.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - 
HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll O3 - Toolbar: DAEMON Tools Toolbar - 
{32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Windows\AppData\Local\Temp\nro.tmp\" O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Verkkopalvelu') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Verkkopalvelu') O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000 O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: 
Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{B6446A87-6AF1-4B6A-946A-ABC56B11F795}: NameServer = 66.90.65.89,4.2.2.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- End of file - 9930 bytes
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Post the contents of the log in your next message.
Malwarebytes' Anti-Malware 1.41 Tietokantaversio: 3213 Windows 6.1.7600 (Safe Mode) 22.11.2009 14:28:52 mbam-log-2009-11-22 (14-28-52).txt Tarkistustyyppi: Täysi tarkistus (C:\|) Tarkistetut kohteet: 256654 Kulunut aika: 21 minute(s), 6 second(s) Saastuneita muistiprosesseja: 0 Saastuneita muistimoduuleja: 0 Saastuneita rekisteriavaimia: 1 Saastuneita rekisteriarvoja: 0 Saastuneita rekisterikohteita: 0 Saastuneita hakemistoja: 0 Saastuneita tiedostoja: 1 Saastuneita muistiprosesseja: (Haitallisia kohteita ei löydetty) Saastuneita muistimoduuleja: (Haitallisia kohteita ei löydetty) Saastuneita rekisteriavaimia: HKEY_CURRENT_USER\SOFTWARE\SoftVeteran (Rogue.SoftVeteran) -> Quarantined and deleted successfully. Saastuneita rekisteriarvoja: (Haitallisia kohteita ei löydetty) Saastuneita rekisterikohteita: (Haitallisia kohteita ei löydetty) Saastuneita hakemistoja: (Haitallisia kohteita ei löydetty) Saastuneita tiedostoja: C:\Users\Windows\Downloads\Alpha-Setupa5320f_2015-8.exe (Rogue.Installer) -> Quarantined and deleted successfully. 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:29:18, on 22.11.2009 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' 
Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Paikallinen palvelu') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Verkkopalvelu') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Verkkopalvelu') O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000 O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - 
http://download.eset.com/special/eos-beta/OnlineScanner.cab O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{B6446A87-6AF1-4B6A-946A-ABC56B11F795}: NameServer = 66.90.65.89,4.2.2.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- End of file - 9284 bytes
Scan with HJT, tick the following entries and press Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O13 - Gopher Prefix:

Shut down and restart, and that's it.
The processor is running at 100 and the computer is sluggish. The computer is 2 months old.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:31, on 24.11.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TuneUp Utilities 2010\Integrator.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6446A87-6AF1-4B6A-946A-ABC56B11F795}: NameServer = 66.90.65.89,4.2.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folding@home-CPU-[1] - Unknown owner - C:\Folding@HomeCPU\1\Fah.exe
O23 - Service: Folding@home-CPU-[2] - Unknown owner - C:\Folding@HomeCPU\2\Fah.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe

--
End of file - 9800 bytes
Remove via Add/Remove Programs:
DAEMON Tools Toolbar

Delete the folder
C:\Program Files\DAEMON Tools Toolbar
Problem 2. When I start running Sims 3 it is just infinitely slow; merely starting the game takes 20 min, and this is a NEW COMPUTER.
I, on the other hand, have an old computer. It was new when I got it, back in the good AM2 socket days.

Has the above been done? Then let's do this:
• Open HijackThis
• Click the "Configure" option at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click the "Save list" option
• Copy and paste that list from Notepad into your thread
Problem 1 has not gone away yet; the processor is still running at 100%.

µTorrent Adobe AIR Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS3 Adobe Device Central CS4 Adobe Drive CS4 Adobe ExtendScript Toolkit 2 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Reader 9.2 - Suomi Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Type Support CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Advertising Center AMD Machine Check Analysis Tool AMD Power Monitor Apple Application Support Apple Mobile Device Support Apple Software Update ASRock IES ASRock InstantBoot ASRock OC Tuner ATI AVIVO Codecs ATI Catalyst Registration Bonjour Canon MP450 Catalyst Control Center - Branding CCleaner C-Media PCI Audio Device Connect CyberLink BD Advisor 2.0 CyberLink InstantBurn CyberLink LabelPrint CyberLink PhotoNow! 
CyberLink PowerBackup CyberLink PowerDVD 9 CyberLink PowerDVD 9 CyberLink UDF Reader 5.0 Defraggler DriverMax 5 EA Download Manager Far Cry 2 FileHippo.com Update Checker forteManager F-Secure PSC Prerequisites HijackThis 2.0.2 HydraVision iTunes Java(TM) 6 Update 17 Junk Mail filter update kuler Last.fm 1.5.4.24567 LG Tool Kit LG USB Modem driver LightScribe System Software LimeWire PRO 5.3.6 Malwarebytes' Anti-Malware Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (Finnish) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Finnish) 2007 Microsoft Office Groove MUI (Finnish) 2007 Microsoft Office InfoPath MUI (Finnish) 2007 Microsoft Office Live Add-in 1.4 Microsoft Office OneNote MUI (Finnish) 2007 Microsoft Office Outlook MUI (Finnish) 2007 Microsoft Office PowerPoint MUI (Finnish) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Finnish) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Swedish) 2007 Microsoft Office Proofing (Finnish) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Finnish) 2007 Microsoft Office Shared MUI (Finnish) 2007 Microsoft Office Word MUI (Finnish) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync 
Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft WSE 3.0 Runtime Mozilla Firefox (3.5.5) MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) Nero CoverDesigner Nero DriveSpeed Nero Installer Nero PhotoSnap Nero Recode Nero ShowTime Nero StartSmart Nero WaveEditor Nero Vision NeroBurningROM NeroExpress neroxml NVIDIA Drivers OGA Notifier 2.0.0048.0 Ohjelman Microsoft Office Excel 2007 Help päivitys (KB963678) Ohjelman Microsoft Office Powerpoint 2007 Help päivitys (KB963669) Ohjelman Microsoft Office Word 2007 Help päivitys (KB963665) OpenAL OpenOffice.org 3.1 PDF Settings CS4 Photoshop Camera Raw PowerISO PunkBuster Services QuickTime Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB973704) Security Update for Microsoft Office Excel 2007 (KB973593) Security Update for Microsoft Office Outlook 2007 (KB972363) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB969693) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Software Informer 1.0 BETA Sonera Tietoturva SoundTrax SpeedBit Video Accelerator SpeedBit Video Downloader Spelling Dictionaries Support For Adobe Reader 9 Spotify Suite Shared Configuration CS4 System Requirements Lab The Sims™ 3 Trojan Remover 6.8.1 TS3 Install Helper Monkey TuneUp Utilities Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office Word 2007 (KB974561) Update for 
Outlook 2007 Junk Email Filter (kb975960) VideoLAN VLC media player 0.8.6d Windows Live Call Windows Live Communications Platform Windows Live ID -kirjautumisavustaja Windows Live Messenger Windows Live -perheturva Windows Live Sync Windows Live Toolbar Windows Live Writer Windows Liven asennustyökalu Windows Liven asennustyökalu Windows Liven elokuvatyökalu Windows Liven lataustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima Windows Media Player Firefox Plugin Windows Vista Upgrade Advisor WinRAR archiver
Remove via Add/Remove Programs:
SpeedBit Video Accelerator
SpeedBit Video Downloader

Delete the folder
C:\Program Files\SpeedBit Video Accelerator

-------

Go to Start -> Run -> services.msc -> OK

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe

Double-click that service, stop it, choose Disabled from the drop-down menu, then click Apply and OK.

--------

Scan with the Kaspersky Online Scanner

1. Read through the requirements and the privacy policy and click Accept.
2. The download of the scanner and the virus database begins. You will be asked whether you allow a program from Kaspersky to be installed. Click Aja/Run.
3. When the download is complete, click Settings.
4. Make sure the following items are selected. If they are not, select them and click Save:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click Oma Tietokone / My Computer below the Scan heading.
6. When the scan is finished, the results are displayed. Click View Scan Report.
7. You will see a list of infected items. Click Save Report As....
8. Save the file to your desktop. Change Tiedostotyyppi/Files of type to Tekstitiedosto/Text file (.txt) before you click Save.
9. Copy and paste the contents of the file into your next reply, together with a new HijackThis log.