So it keeps nagging "Your computer is infected" and downloading that SpyAxe, damn it! I already looked through earlier posts and downloaded HijackThis and smitRem.

HIJACK:

Logfile of HijackThis v1.99.1
Scan saved at 1:22:43, on 12.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\TerraTec\DMX 6fire\DMX6Fire.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Iiro\Työpöytä\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.tpu.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.wlannet.com:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
smitRem says this:

smitRem © log file
version 2.8
by noahdfear

Microsoft Windows XP [versio 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SpyAxeFix © by noahdfear
spyaxe directory present
spyaxe uninstaller present
Starting spyaxe uninstaller

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 740 'explorer.exe'
Killing PID 740 'explorer.exe'

Starting registry repairs
Deleting files

Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
Control Panel: Add/Remove Programs -> remove SpyAxe

Fix these: (open HJT -> Do a system scan only, tick the entries, close the browser, press Fix checked)

O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

>>>>>>>>>>>Safe Mode<<<<<<<<<<<<<<<<
(Tap F8 during startup until the menu with Safe Mode appears)

Delete:
C:\Program Files\-->SpyAxe<--
C:\WINDOWS\web\-->related.htm<--

Open the smitRem folder on the desktop and double-click RunThis.bat. Follow the instructions.

Restart the computer, then post a new HJT log and the contents of c:\smitfiles.txt.
Didn't help...

Logfile of HijackThis v1.99.1
Scan saved at 11:20:40, on 12.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.tpu.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.wlannet.com:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
Boot into Safe Mode (F8 during startup -> choose Safe Mode from the menu).

Fix this:

O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h

Run smitRem there in Safe Mode, if you haven't done so already.

Restart, then post a new HJT log and the contents of C:\smitfiles.txt.
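The comparison the helpers make by eye when they ask for a new HJT log after a fix, sketched as an added example (not part of the original thread and not a HijackThis feature): it checks which entries from a fix list are still present in a follow-up scan. The function names are hypothetical, and the sample data is an excerpt constructed from entries quoted in this thread.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24), then " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")


def normalise(body):
    """Collapse whitespace and case-fold the body: Windows paths and registry
    names are case-insensitive, and forum software often mangles spacing."""
    return " ".join(body.split()).casefold()


def parse_entries(log_text):
    """Map (section code, normalised body) -> original line, in log order.
    Header lines and the running-process list are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries[(m.group("code"), normalise(m.group("body")))] = raw.strip()
    return entries


def verify_fix(fix_list_text, after_scan_text):
    """Split the fix list into entries that are gone from the follow-up scan
    and entries that are still there (the fix did not stick)."""
    after = parse_entries(after_scan_text)
    result = {"removed": [], "persisting": []}
    for key, line in parse_entries(fix_list_text).items():
        result["persisting" if key in after else "removed"].append(line)
    return result


def new_entries(before_scan_text, after_scan_text):
    """Entries in the follow-up scan that the earlier scan did not have,
    e.g. something re-registering itself under a different name."""
    before = parse_entries(before_scan_text)
    return [line for key, line in parse_entries(after_scan_text).items()
            if key not in before]


# Constructed sample: the four entries from the first fix list in this thread.
FIX_LIST = r"""
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
"""

# Constructed sample: a short excerpt of the follow-up scan (11:20:40),
# one entry per line as HijackThis writes it.
AFTER_SCAN = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:20:40, on 12.12.2005
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
"""

if __name__ == "__main__":
    outcome = verify_fix(FIX_LIST, AFTER_SCAN)
    for line in outcome["removed"]:
        print("removed:   ", line)
    for line in outcome["persisting"]:
        print("PERSISTING:", line)
```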
I did it in Safe Mode, but it didn't help... it still comes back! The "Your computer is infected!" text and SpyAxe.

Logfile of HijackThis v1.99.1
Scan saved at 11:44:11, on 12.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.tpu.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.wlannet.com:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
Post a StartupList log from HijackThis -> open HJT, click Open the Misc Tools section, find Generate StartupList log, tick both boxes and then press the Generate StartupList log button, save it and post its contents here!

edit: phucking toyps
Here it is...

StartupList report, 12.12.2005, 11:53:04
StartupList version: 1.52.2
Started from : C:\HJT\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Iiro\Käynnistä-valikko\Ohjelmat\Käynnistys]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

F-Secure Manager = "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
F-Secure TNB = "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
SoundMan = SOUNDMAN.EXE
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
RoxioEngineUtility = "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
RoxioDragToDisc = "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
RoxioAudioCentral = "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
H2O = C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
SpyAxe = C:\Program Files\SpyAxe\spyaxe.exe /h

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not
found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\ssstars.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! 
(arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: *No BHO's found* -------------------------------------------------- Enumerating Task Scheduler jobs: *No jobs found* -------------------------------------------------- Enumerating Download Program Files: [{33564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB [Java Plug-in 1.5.0_05] InProcServer32 = C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Java Plug-in 1.5.0_05] InProcServer32 = C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: 
C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system) Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start) Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start) AFD Networking Support -ympäristö: \SystemRoot\System32\drivers\afd.sys (autostart) Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Hälytys: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Sovelluskerroksen yhdyskäytäväpalvelu: %SystemRoot%\System32\alg.exe (manual start) AMD Processor Driver: System32\DRIVERS\AmdK8.sys (system) Sovellusten hallinta: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) 1394 ARP -asiakasprotokolla: System32\DRIVERS\arp1394.sys (manual start) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start) Standardi IDE/ESDI-kiintolevyohjain: System32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart) ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart) ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start) ATI WDM Rage Theater Video: System32\DRIVERS\atinrvxx.sys (manual start) 
ATM ARP Client -protokolla: System32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start) F-Secure Automatic Update: C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (autostart) BITS-tausta-ajo (Background Intelligent Transfer Service): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) MAC-silta: System32\DRIVERS\bridge.sys (manual start) MAC Bridge Miniport: System32\DRIVERS\bridge.sys (manual start) Tietokoneiden selaus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start) CD-ROM-ohjain: System32\DRIVERS\cdrom.sys (system) Indeksointipalvelu: %SystemRoot%\system32\cisvc.exe (manual start) Team H2O CLEDX service: System32\DRIVERS\cledx.sys (manual start) Leikekirja: %SystemRoot%\system32\clipsrv.exe (manual start) COM+-järjestelmäsovellus: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Conittstfdes: C:\WINDOWS\System32\drivers\getnd5b.sys (disabled) Salauspalvelut: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) DHCP-asiakas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Levyohjain: System32\DRIVERS\disk.sys (system) Loogisen levyn hallinnan valvontapalvelu: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Loogisen levyn hallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start) DMX6fire WDM Audio: system32\drivers\dmx6fire.sys (manual start) dmxsens: system32\drivers\dmxsens.sys (manual start) DNS-asiakas: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start) 
Virheraportointipalvelut: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Tapahtumaloki: %SystemRoot%\system32\services.exe (autostart) COM+-tapahtumajärjestelmä: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) F-Secure File System Filter: \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys (autostart) F-Secure Gatekeeper: \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys (autostart) F-Secure Gatekeeper Handler Starter: "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe" (autostart) F-Secure Network Request Broker: "C:\Program Files\F-Secure\Common\FNRB32.EXE" (manual start) F-Secure File System Recognizer: \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys (autostart) Nopean käyttäjän vaihdon yhteensopivuus: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Levykeaseman ohjain: System32\DRIVERS\fdc.sys (manual start) Levykeasemaohjain: System32\DRIVERS\flpydisk.sys (manual start) fsbwsys: "C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe" (autostart) F-Secure Anti-Virus Firewall Daemon: "C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe" (manual start) F-Secure Firewall Driver: System32\drivers\fsdfw.sys (system) F-Secure Management Agent: "C:\Program Files\F-Secure\Common\FSMA32.EXE" (autostart) Volume Manager -ohjain: System32\DRIVERS\ftdisk.sys (system) GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start) VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver: System32\DRIVERS\getnd5b.sys (manual start) Yleinen paketinmääritys: System32\DRIVERS\msgpc.sys (manual start) Ohjeet ja tuotetuki: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) HID (Human Interface Device) -liittymä: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) i8042-näppäimistö ja PS/2-hiiriohjain: System32\DRIVERS\i8042prt.sys (system) CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system) CD-levyjen kirjoittamisen IMAPI COM -palvelu: C:\WINDOWS\System32\imapi.exe (manual start) IP Traffic 
Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start) iPod Service: C:\Program Files\iPod\bin\iPodService.exe (manual start) IPSEC-ohjain: System32\DRIVERS\ipsec.sys (system) IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA -väyläohjain: System32\DRIVERS\isapnp.sys (system) Näppäimistön luokkaohjain: System32\DRIVERS\kbdclass.sys (system) Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start) Palvelin: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Työasema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Macromedia Licensing Service: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" (manual start) Viestinvälitys: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) NetMeeting etätyöpöydän jakaminen: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Hiiren luokkaohjain: System32\DRIVERS\mouclass.sys (system) WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer -ohjelma: C:\WINDOWS\System32\msiexec.exe /V (manual start) Microsoft Streaming Service -välityspalvelin: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink -muunnin: system32\drivers\MSTEE.sys (manual start) ATI WDM Specialized MVD Codec: System32\DRIVERS\atinmdxx.sys (manual start) NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start) Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start) Remote 
Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start) NDIS Usermode I/O -protokolla: System32\DRIVERS\ndisuio.sys (manual start) Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start) NetBIOS-käyttöliittymä: System32\DRIVERS\netbios.sys (system) NetBIOS TCP/IP:n päällä: System32\DRIVERS\netbt.sys (system) Verkon DDE: %SystemRoot%\system32\netdde.exe (manual start) Verkon DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start) Verkkokirjautuminen: %SystemRoot%\System32\lsass.exe (manual start) Verkkoyhteydet: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) 1394-verkko-ohjain: System32\DRIVERS\nic1394.sys (manual start) NLA-nimiavaruus (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NT LM -suojaustuen toimittaja: %SystemRoot%\System32\lsass.exe (manual start) Siirrettävät tallennusvälineet: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) NTSIM: \??\C:\WINDOWS\System32\ntsim.sys (manual start) IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start) VIA OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system) Rinnakkaisporttiohjain: System32\DRIVERS\parport.sys (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) Padus ASPI Shell: system32\drivers\pfc.sys (manual start) Plug and Play: %SystemRoot%\system32\services.exe (autostart) IPSEC-palvelut: %SystemRoot%\System32\lsass.exe (autostart) WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start) Processor Driver: System32\DRIVERS\processr.sys (system) Suojattu tallennuspaikka: %SystemRoot%\system32\lsass.exe (autostart) QoS-paketinajoitus: System32\DRIVERS\psched.sys (manual start) Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start) Remote Access Auto Connection -ohjain: System32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection -hallinta: 
%SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Etäkäytön (RAS) yhteyksienhallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start) Suora rinnakkainen: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Etätyöpöydän ohjeen istunnonhallinta: C:\WINDOWS\system32\sessmgr.exe (manual start) Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system) Reititys ja etäkäyttö: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Etäproseduurikutsujen (RPC) paikannin: %SystemRoot%\System32\locator.exe (manual start) Etäproseduurikutsu (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start) Käyttöoikeustilien hallinta: %SystemRoot%\system32\lsass.exe (autostart) Älykortti-apuohjelma: %SystemRoot%\System32\SCardSvr.exe (manual start) Älykortti: %SystemRoot%\System32\SCardSvr.exe (manual start) Tehtävien ajoitus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (manual start) Toissijainen kirjautuminen: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Järjestelmätapahtuman ilmoitus: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter -ohjain: System32\DRIVERS\serenum.sys (manual start) Sarjaporttiohjain: System32\DRIVERS\serial.sys (system) Internet-yhteyden palomuuri (ICF) / Internet-yhteyden jakaminen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Käyttöliittymän laitteistotunnistus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start) Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys 
(manual start) Taustatulostusohjain: %SystemRoot%\system32\spoolsv.exe (autostart) Järjestelmän palautussuodatin -ohjain: System32\DRIVERS\sr.sys (system) Järjestelmän palauttaminen -palvelu: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) SSDP-palvelu (Simple Service Discovery Protocol): %SystemRoot%\System32\svchost.exe -k LocalService (manual start) WIA (Windows Image Acquisition): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) Ohjelmistoväyläohjain: System32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{191615BE-E483-46AA-8E40-1F40C490D647} (manual start) Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start) Resurssilokit ja -hälytykset: %SystemRoot%\system32\smlogsvc.exe (manual start) Puhelin: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) TCP/IP-protokollaohjain: System32\DRIVERS\tcpip.sys (system) Päätelaiteohjain: System32\DRIVERS\termdd.sys (system) Päätepalvelut: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Teemat: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Tiedostolinkkijäljityksen asiakas: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Microcode Update -ohjain: System32\DRIVERS\update.sys (manual start) Latauksenhallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Universal Plug & Play -laiteisäntä: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) UPS: %SystemRoot%\System32\ups.exe (manual start) USB-ääniohjain (WDM): system32\drivers\usbaudio.sys (manual start) Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start) USB2 Enabled Hub: 
System32\DRIVERS\usbhub.sys (manual start) Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system) ViaIde: System32\DRIVERS\viaide.sys (system) viamraid: System32\DRIVERS\viamraid.sys (system) viasraid: system32\drivers\viasraid.sys (system) Aseman tilannevedos: %SystemRoot%\System32\vssvc.exe (manual start) VIA USB Host Controller Lower Filter: \SystemRoot\System32\Drivers\vulfnth.sys (manual start) VIA USB Roothub Lower Filter: \SystemRoot\System32\Drivers\vulfntr.sys (manual start) Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start) Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) WMI-palvelu (Windows Management Instrumentation): %systemroot%\system32\svchost.exe -k netsvcs (autostart) Kannettavan soittimen sarjanumero: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) WMI resurssisovitin: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start) Automaattiset päivitykset: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: 
C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- End of report, 34 414 bytes Report generated in 0,109 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
First, run Panda ActiveScan: http://www.pandasoftware.com/products/activescan.htm When it's done, save the report and post it here.
Incident                      Status           Location
Adware:adware/securityerror   Not desinfected  C:\Documents and Settings\Iiro\Suosikit\Antivirus Test Online.url
Adware:adware/antivirus-gold  Not desinfected  Windows Registry
Help.... That "Your computer is infected" text is wrecking my nerves, and it even makes a little sound too!
Delete this: C:\Documents and Settings\Iiro\Suosikit\==>Antivirus Test Online.url<==
Make hidden files visible, instructions -> http://keskustelu.afterdawn.com/thread_view.cfm/248944
See whether you can find this: C:\windows\system32\svchosts.dll
If so, do the following:
First remove SpyAxe from Add/Remove Programs.
Get KillBox http://www.bleepingcomputer.com/files/spyware/KillBox.zip
Extract it, open it and tick Delete on Reboot.
Then copy the line below:
C:\windows\system32\svchosts.dll
Then in KillBox, at the top, choose File > Paste from Clipboard.
After that press Delete (the red one with a white X).
Answer yes to the questions, and if the computer doesn't restart by itself, restart it.
After that, post a new Hijack log.
Still no luck... "Your computer is infected", and every now and then it downloads that spyaxe again even when you remove it... I've tried everything that's been advised here... what do I do?
Logfile of HijackThis v1.99.1 Scan saved at 21:36:52, on 12.12.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\Common\FIH32.EXE 
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\FSGUI\fsguiexe.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.tpu.fi/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.wlannet.com:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 
6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. 
- C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
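Added example, not part of the thread: one way to check whether a cleanup attempt changed anything is to compare the O4 autorun items of the scan taken before it with the scan taken after it. The function names, the watch term and the [ExampleRemoved] entry are assumptions made for this sketch; the other sample lines are O4 items that appear in this thread's HijackThis logs.

```python
import re

# Constructed sample input: built from O4 lines that appear in this thread's
# HijackThis logs, joined with spaces as when a paste loses its line breaks.
# [ExampleRemoved] is an invented entry so the "removed" case is exercised.
FIRST_SCAN = (
    r'Logfile of HijackThis v1.99.1 Scan saved at 1:22:43, on 12.12.2005 '
    r'O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash '
    r'O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE '
    r'O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h '
    r'O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe '
    r'O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe '
    r'O4 - HKCU\..\Run: [ExampleRemoved] C:\example\removed.exe'
)
SECOND_SCAN = (
    r'Logfile of HijackThis v1.99.1 Scan saved at 21:36:52, on 12.12.2005 '
    r'O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash '
    r'O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE '
    r'O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h '
    r'O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe '
    r'O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe'
)

# Every HijackThis item starts with a section code such as "R0 - " or "O4 - ".
ITEM_START = re.compile(r"\s+(?=(?:R[0-3]|F[0-3]|O\d{1,2}) - )")
# O4 item for a registry Run key: O4 - HKLM\..\Run: [Name] command line
RUN_KEY = re.compile(
    r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# O4 item for a Startup folder: O4 - Global Startup: Name.lnk = target
STARTUP = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>[^=]+?) = (?P<cmd>.+)$"
)


def split_items(log_text):
    """Split a log into items, whether or not its line breaks survived."""
    return [chunk.strip() for chunk in ITEM_START.split(log_text) if chunk.strip()]


def parse_autoruns(log_text):
    """Map (location, name) -> command line for every O4 autorun item."""
    entries = {}
    for item in split_items(log_text):
        first_line = item.splitlines()[0]  # ignore text trailing the item
        match = RUN_KEY.match(first_line) or STARTUP.match(first_line)
        if match:
            entries[(match["loc"], match["name"])] = match["cmd"].strip()
    return entries


def compare(before, after):
    """Classify autorun keys as removed, added or kept between two scans."""
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "kept": sorted(set(before) & set(after)),
    }


def still_present(before, after, watch_terms):
    """Return watched entries that survived from the first scan to the second."""
    terms = [term.lower() for term in watch_terms]
    hits = []
    for key in compare(before, after)["kept"]:
        location, name = key
        command = after[key]
        haystack = f"{name} {command}".lower()
        if any(term in haystack for term in terms):
            hits.append((location, name, command))
    return hits


if __name__ == "__main__":
    first = parse_autoruns(FIRST_SCAN)
    second = parse_autoruns(SECOND_SCAN)
    print("removed:", compare(first, second)["removed"])
    for location, name, command in still_present(first, second, ["spyaxe"]):
        print(f"still autostarting: {location} [{name}] {command}")
```

An entry that stays in the "kept" set after a removal attempt means the autorun value was either never deleted or was written back by something still running on the machine.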

smitrem should remove that svchost.dll; try it anyway. If it still doesn't work, next we'll take a Silent Runners log, and the most extensive one possible, i.e. we'll use the -all parameter.

So create a folder named silentrunners on the C: drive.
Right-click the following link and choose Save As. Save it into the silentrunners folder:
http://www.silentrunners.org/Silent Runners.vbs
When that's done, click Start > Run, type cmd and press Enter.
In the command prompt window, type the following (exactly):
cd c:\silentrunners
and press Enter
"silent runners.vbs" -all
and press Enter
If your antivirus alerts on the script, allow it to run.
Wait until it says it is finished. It creates a log in the c:\silentrunners folder; post the contents of that log here.
Note that it is a fairly long log and may take a couple of posts; be careful that everything gets included.

Edit: link fixed

That svchost.exe won't go away with smitrem or with killbox... and it also can't be deleted in safe mode or in normal mode, manually or with those programs... Hopefully we'll beat this thing.

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output of all locations checked and all values found.

Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
"F-Secure Manager" = ""C:\Program Files\F-Secure\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]
"F-Secure TNB" = ""C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"RoxioEngineUtility" = ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"" ["Roxio"]
"RoxioDragToDisc" = ""C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"" ["Roxio"]
"RoxioAudioCentral" = ""C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"" ["Roxio, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"H2O" = "C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" ["Team H2O"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SpyAxe" = "C:\Program Files\SpyAxe\spyaxe.exe /h" ["SpyAxe.com"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Microsoft Windows Media Player" \StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Component Categories cache daemon" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" = "URL Exec Hook" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "shell32.dll" [MS]
HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
"CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
"SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\stobject.dll" [MS]
HKCU\SOFTWARE\Microsoft\Command Processor\
"AutoRun" = (no data)
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"Shell" = (no data)
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
"load" = (no data)
"run" = (no data)
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"Shell" = (no data)
HKLM\SOFTWARE\Microsoft\Command Processor\
"AutoRun" = (no data)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (no data)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"GinaDLL" = (no data)
"Shell" = "Explorer.exe" [MS]
"Taskman" = (no data)
"Userinit" = "C:\WINDOWS\system32\userinit.exe," [MS]
"System" = (no data)
HKLM\System\CurrentControlSet\Control\Session Manager\
"BootExecute" = "autocheck autochk *"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
crypt32chain\DLLName = "crypt32.dll" [MS]
cryptnet\DLLName = "cryptnet.dll" [MS]
cscdll\DLLName = "cscdll.dll" [MS]
ScCertProp\DLLName = "wlnotify.dll" [MS]
Schedule\DLLName = "wlnotify.dll" [MS]
sclgntfy\DLLName = "sclgntfy.dll" [MS]
SensLogn\DLLName = "WlNotify.dll" [MS]
termsrv\DLLName = "wlnotify.dll" [MS]
wlballoon\DLLName = "wlnotify.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Your Image File Name Here without a path\Debugger = "ntsd -d" [MS]
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\
HKLM\Software\Classes\PROTOCOLS\Filter\
application/octet-stream\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mscoree.dll" [MS]
application/x-complus\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mscoree.dll" [MS]
application/x-msdownload\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mscoree.dll" [MS]
Class Install Handler\CLSID = "{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
lzdhtml\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS]
text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS] Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS] Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" -> {CLSID}\InProcServer32\(Default) = "ntshrui.dll" [MS] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Default executables: 
-------------------- .BAT: HKLM\SOFTWARE\Classes\batfile\shell\open\command\ "Default" = ""%1" %*" .CMD: HKLM\SOFTWARE\Classes\cmdfile\shell\open\command\ "Default" = ""%1" %*" .COM: HKLM\SOFTWARE\Classes\comfile\shell\open\command\ "Default" = ""%1" %*" .EXE: HKLM\SOFTWARE\Classes\exefile\shell\open\command\ "Default" = ""%1" %*" .HTA: HKLM\SOFTWARE\Classes\htafile\shell\open\command\ "Default" = "C:\WINDOWS\System32\mshta.exe "%1" %*" .PIF: HKLM\SOFTWARE\Classes\piffile\shell\open\command\ "Default" = ""%1" %*" .SCR: HKLM\SOFTWARE\Classes\scrfile\shell\open\command\ "Default" = ""%1" /S" Group Policies [Description]: ----------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\ HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\ HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\ HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\ HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\ Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = (value not set) Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS] Autostart via AUTORUN.INF on local fixed drives: ------------------------------------------------ C:\ AUTORUN.INF -> (file not found) D:\ AUTORUN.INF -> (file not found) E:\ AUTORUN.INF -> (file not found) DESKTOP.INI DLL launch in local fixed drive directories: -------------------------------------------------------- C:\Documents and Settings\Default User\Local Settings\Sivuhistoria\DESKTOP.INI [.ShellClassInfo] 
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Default User\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\0A3SDI7C\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\6CFVQB5M\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\QU8EE2MV\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\XRV4XS25\DESKTOP.INI [.ShellClassInfo] 
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Sivuhistoria\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\0A3SDI7C\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\0X2NKL2V\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\0ZH3A275\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = 
"C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\3RT779CW\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\4L2JCLAN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\4PUJK1MZ\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\5R33PXKE\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\6CFVQB5M\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\8ZXZYYF9\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\AFENATYV\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\C1Y309YR\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = 
"C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\E9LYVAL0\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\GHQ3KLQN\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\ILZ0D8R6\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\KNZ76OPX\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\QU8EE2MV\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Iiro\Local Settings\Temporary Internet Files\Content.IE5\XRV4XS25\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Sivuhistoria\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI [.ShellClassInfo] 
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temporary Internet Files\Content.IE5\0A3SDI7C\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temporary Internet Files\Content.IE5\6CFVQB5M\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temporary Internet Files\Content.IE5\QU8EE2MV\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temporary Internet Files\Content.IE5\XRV4XS25\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" 
[MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\NetworkService\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0A3SDI7C\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6CFVQB5M\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} 
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QU8EE2MV\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\XRV4XS25\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\WINDOWS\assembly\DESKTOP.INI [.ShellClassInfo] CLSID={1D2680C9-0E2A-469d-B787-065558BC7D43} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mscoree.dll" [MS] C:\WINDOWS\Downloaded Program Files\DESKTOP.INI [.ShellClassInfo] CLSID={88C6C381-2E85-11d0-94DE-444553540000} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\occache.dll" [MS] C:\WINDOWS\Fonts\DESKTOP.INI [.ShellClassInfo] UICLSID={BD84B380-8CA2-1069-AB1D-08000948F534} -> {CLSID}\InProcServer32\(Default) = "fontext.dll" [MS] C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\WINDOWS\system32\config\systemprofile\Local Settings\Sivuhistoria\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = 
"C:\WINDOWS\System32\shdocvw.dll" [MS] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\28A7N0A5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W9MBOD2R\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X18XALLW\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YHR12345\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] C:\WINDOWS\Tasks\DESKTOP.INI [.ShellClassInfo] CLSID={d6277990-4c6a-11cf-8d87-00aa0060f5bf} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [MS] D: (no DLL launch points found) E: (no DLL launch points found) Startup items in "Iiro" & "All Users" startup folders: ------------------------------------------------------ C:\Documents and Settings\Iiro\Käynnistä-valikko\Ohjelmat\Käynnistys C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys "Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."] "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common 
Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "F-Secure Automatic Update" -> shortcut to: "C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe -startup" ["BackWeb Technologies Inc. "] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS] "VIA RAID TOOL" -> shortcut to: "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA Technologies"] Enabled Scheduled Tasks: ------------------------ Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{01E04581-4EEE-11D0-BFE9-00AA005B4383}" = "&Lähiosoite" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS] "{0E5CBF21-D15F-11D0-8301-00AA005B4383}" = "&Linkit" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [file not found] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] 
HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{8E718888-423F-11D2-876E-00A0C9082467}" = "&Radio" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msdxm.ocx" [MS] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {32683183-48A0-441B-A342-7C2A440A9478}\ = "Media-palkki" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS] {EFA24E64-B078-11D0-89E4-00C04FC9E26E}\ = "Explorer Band" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\ = "Adobe PDF" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [file not found] {4D5C8C25-D075-11D0-B416-00C04FB90376}\ = "&Päivän vihje" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{30D02401-6A81-11D0-8274-00C04FD5AE38}\ = "Etsintäpalkki" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [MS] HKLM\Software\Classes\CLSID\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}\ = "&Discuss" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "shdocvw.dll" [MS] HKLM\Software\Classes\CLSID\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ = "Tiedostojen etsintä -Explorer-palkki" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] HKLM\Software\Classes\CLSID\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}\ = "Favorites Band" Implemented 
Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] HKLM\Software\Classes\CLSID\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}\ = "History Band" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Messenger" "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS] Internet Explorer Address Prefixes: ----------------------------------- Prefix for bare domain ("domain-name-here.com") HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Default Prefix\ (Default) = "http://" Prefix for specific service (i.e., "www") HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\ "ftp" = "ftp://" "gopher" = "gopher://" "home" = "http://" "mosaic" = "http://" "www" = "http://" Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings" -- no anomalies found) HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ "NavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS] "DesktopItemNavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS] "NavigationCanceled" = "res://shdoclc.dll/navcancl.htm" [MS] "OfflineInformation" = "res://shdoclc.dll/offcancl.htm" [MS] "Home" = 270 "blank" = "res://mshtml.dll/blank.htm" [MS] "PostNotCached" = "res://mshtml.dll/repost.htm" [MS] "mozilla" = "res://mshtml.dll/about.moz" [MS] HOSTS file ---------- HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\ "DataBasePath" 
= "C:\WINDOWS\System32\drivers\etc" C:\WINDOWS\System32\drivers\etc\HOSTS maps: 1 domain name to an IP address, and this is the localhost IP address All Running Services (Display Name, Service Name, Path {Service DLL}): ---------------------------------------------------------------------- Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."] Automaattiset päivitykset, wuauserv, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wuauserv.dll" [MS]} COM+-tapahtumajärjestelmä, EventSystem, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\es.dll" [MS]} DHCP-asiakas, Dhcp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dhcpcsvc.dll" [MS]} DNS-asiakas, Dnscache, "C:\WINDOWS\System32\svchost.exe -k NetworkService" {"C:\WINDOWS\System32\dnsrslvr.dll" [MS]} Etäkäytön (RAS) yhteyksienhallinta, RasMan, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasmans.dll" [MS]} Etäproseduurikutsu (RPC), RpcSs, "C:\WINDOWS\system32\svchost -k rpcss" {"C:\WINDOWS\system32\rpcss.dll" [MS]} F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"] F-Secure Automatic Update, BackWeb Plug-in - 7681197, "C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE" ["BackWeb Technologies Inc. 
"] F-Secure Gatekeeper Handler Starter, F-Secure Gatekeeper Handler Starter, ""C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe"" ["F-Secure Corp."] F-Secure Management Agent, FSMA, ""C:\Program Files\F-Secure\Common\FSMA32.EXE"" ["F-Secure Corporation"] F-Secure Network Request Broker, F-Secure Network Request Broker, ""C:\Program Files\F-Secure\Common\FNRB32.EXE"" ["F-Secure Corporation"] fsbwsys, fsbwsys, ""C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe"" ["F-Secure Corp."] Internet-yhteyden palomuuri (ICF) / Internet-yhteyden jakaminen (ICS), SharedAccess, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipnathlp.dll" [MS]} iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."] IPSEC-palvelut, PolicyAgent, "C:\WINDOWS\System32\lsass.exe" [MS] Järjestelmän palauttaminen -palvelu, srservice, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srsvc.dll" [MS]} Järjestelmätapahtuman ilmoitus, SENS, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\sens.dll" [MS]} Kannettavan soittimen sarjanumero, WmdmPmSp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mspmspsv.dll" [MS]} Käyttöliittymän laitteistotunnistus, ShellHWDetection, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]} Käyttöoikeustilien hallinta, SamSs, "C:\WINDOWS\system32\lsass.exe" [MS] Latauksenhallinta, uploadmgr, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]} NLA-nimiavaruus (Network Location Awareness), Nla, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mswsock.dll" [MS]} Nopean käyttäjän vaihdon yhteensopivuus, FastUserSwitchingCompatibility, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]} Ohjeet ja tuotetuki, helpsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]} Palvelin, 
lanmanserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srvsvc.dll" [MS]} Plug and Play, PlugPlay, "C:\WINDOWS\system32\services.exe" [MS] Puhelin, TapiSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\tapisrv.dll" [MS]} Päätepalvelut, TermService, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\termsrv.dll" [MS]} Remote Access Auto Connection -hallinta, RasAuto, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasauto.dll" [MS]} Salauspalvelut, CryptSvc, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\cryptsvc.dll" [MS]} Sovelluskerroksen yhdyskäytäväpalvelu, ALG, "C:\WINDOWS\System32\alg.exe" [MS] SSDP-palvelu (Simple Service Discovery Protocol), SSDPSRV, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\ssdpsrv.dll" [MS]} Suojattu tallennuspaikka, ProtectedStorage, "C:\WINDOWS\system32\lsass.exe" [MS] Tapahtumaloki, Eventlog, "C:\WINDOWS\system32\services.exe" [MS] Taustatulostusohjain, Spooler, "C:\WINDOWS\system32\spoolsv.exe" [MS] TCP/IP NetBIOS Helper, LmHosts, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\lmhsvc.dll" [MS]} Teemat, Themes, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]} Tehtävien ajoitus, Schedule, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\schedsvc.dll" [MS]} Tiedostolinkkijäljityksen asiakas, TrkWks, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\trkwks.dll" [MS]} Tietokoneiden selaus, Browser, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\browser.dll" [MS]} Toissijainen kirjautuminen, seclogon, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\seclogon.dll" [MS]} Työasema, lanmanworkstation, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wkssvc.dll" [MS]} Universal Plug & Play -laiteisäntä, upnphost, "C:\WINDOWS\System32\svchost.exe -k LocalService" 
{"C:\WINDOWS\System32\upnphost.dll" [MS]} Verkkoyhteydet, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" [MS]} Viestinvälitys, Messenger, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\msgsvc.dll" [MS]} Virheraportointipalvelut, ERSvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ersvc.dll" [MS]} WebClient, WebClient, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\webclnt.dll" [MS]} Windows Audio, AudioSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\audiosrv.dll" [MS]} Windows Time, W32Time, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\w32time.dll" [MS]} Wireless Zero Configuration, WZCSVC, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wzcsvc.dll" [MS]} WMI-palvelu (Windows Management Instrumentation), winmgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wbem\WMIsvc.dll" [MS]} Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ "UpperFilters" = "kbdclass" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = "C:\WINDOWS\System32\AdobePDF.dll" ["Adobe Systems Incorporated."] BJ Language Monitor\Driver = "cnbjmon.dll" [MS] Local Port\Driver = "localspl.dll" [MS] PJL Language Monitor\Driver = "pjlmon.dll" [MS] Standard TCP/IP Port\Driver = "tcpmon.dll" [MS] USB Monitor\Driver = "usbmon.dll" [MS] -- (total run time: 95 seconds)
Nothing in that caught my eye. Let's try this next: download SpyAxeFix http://noahdfear.geekstogo.com/click counter/click.php?id=8 © noahdfear, and save it to your desktop.
- Close all other programs and windows.
- Double click SpyAxeFix.exe, then click Start to extract the tool to its own folder.
- Open the SpyAxeFix folder and double click the SpyAxeFix.bat to start the tool.
- At one point when the tool runs, your taskbar will disappear, and your computer will restart when the tool completes.
- A text file named spyaxe.txt will be created in the SpyAxeFix folder.
- Post the contents of that log please.

It came out in English because I'm too lazy to translate it into Finnish.

edit: fixed the link

edit2: hmm, check whether your machine has the following: ioctrl.dll, interceptor.dll. Right-click > Properties and post them here; I'm especially interested in the creation/modification date. If they are found, scan them here: http://virusscan.jotti.org and copy the result here.

Then c:\windows\system32\winlogon.exe, likewise the properties: creation/modification date, size, etc. Best would be if you could get MD5s of all of them, but I'll settle for the properties. Finally scan that with Jotti as well and post that result here too.
SpyAxeFix did not help; here is the information that was requested...

ioctrl.dll:
created 11 December 2005, 22:40:01
modified 11 December 2005, 22:40:01
accessed 13 December 2005, 0:31:10
size: 96 KB

Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Hoaxalarm-M
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.Fakealert
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

-------------------

winlogon.exe:
created 25 April 2003, 14:00:00
modified 17 June 2004, 2:06:12
accessed 13 December 2005, 0:43:07
size: 473 KB

AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

------

I DID NOT FIND interceptor.dll

------

spyaxe.txt says this:

SpyAxeFix © by noahdfear
Microsoft Windows XP [versio 5.1.2600]
spyaxe directory present
spyaxe uninstaller present
Starting spyaxe uninstaller
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of spyaxe.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 232 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update"

SpyAxeFix © by noahdfear
Microsoft Windows XP [versio 5.1.2600]
spyaxe directory present
spyaxe uninstaller present
Starting spyaxe uninstaller
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of spyaxe.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 740 'explorer.exe'
Killing PID 740 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update"

SpyAxeFix © by noahdfear
Microsoft Windows XP [versio 5.1.2600]
spyaxe directory present
spyaxe uninstaller present
Starting spyaxe uninstaller
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of spyaxe.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 740 'explorer.exe'
Killing PID 740 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update"

SpyAxeFix © by noahdfear
Microsoft Windows XP [versio 5.1.2600]
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 3024 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update"

SpyAxeFix © by noahdfear
Microsoft Windows XP [versio 5.1.2600]
spyaxe directory present
spyaxe uninstaller present
Starting spyaxe uninstaller
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of spyaxe.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 900 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update"
Yeah, there is a lot of SpyAxe on the Swedish forum right now, and removing that ioctrl.dll with KillBox apparently made it go away.