Virus etc. on the computer, HJT log

Discussion in 'Viruses and malware - HijackThis logs' started by ernokax, Jul 30, 2007.

  1. ernokax

    ernokax Member

    Joined:
    Dec 11, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    16
    F-Secure's online scanner detects at least one virus and six spyware programs, but neither it nor Spybot can be run all the way through to the removal of the pests; instead the computer shows a stop error screen or closes Internet Explorer. In addition, every few moments a window appears on the screen with the title "16-bit MS-DOS subsystem"
    and then it reads C:\documents... at the end of this there is always a changing name ending in .exe, e.g. \thpqox.exe or kmmuz.exe etc., so it always changes to a different name. In addition, at the end it says that the NT virtual DOS machine encountered an illegal instruction cs:ogcd, and then some IP address is referenced.
    More than enough trouble.
    What would you advise?
    Here is the HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:23:17, on 30.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\Wtablet\TabUserW.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174149054001
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: printers - {BF142675-78EA-4C26-8C4A-F52424997D08} - libcintles3.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O24 - Desktop Component 0: (no name) - http://80.81.189.226/00/32/52/70/10952830.jpg

    --
    End of file - 10079 bytes
     
  2. ernokax

    ernokax Member

    I tried to scan with eScan and it went as I mentioned: it managed to churn for half an hour before the Windows error screen came up again, with code 0x0000000A and the text irql not less or equal at the start. There have been these error screen problems; at times the computer works flawlessly and at times it crashes.

    eScan did, however, manage to flag this: C:\windows\system32\libcintles3.dll infected by backdoor.win32.ircbot.acd virus.
     
  3. Auttaja

    Auttaja Guest

    Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop.

    Boot your computer into Safe Mode and choose your normal user account:

    * Start the computer
    * When you hear the computer beep, press F8, but before the Windows logo appears
    * Next a menu should appear
    * Choose Safe Mode from the menu.


    * Create a dedicated folder C:\SDFix for the program and move it there
    * Open the SDFix folder and double-click the file RunThis.bat to start the program.
    * Press Y to start the script.
    * The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    * Press any key and the computer restarts.
    * Startup takes longer than normal because SDFix is cleaning the computer.
    * When the computer has started and the desktop has loaded, SDFix reports that the cleaning has been completed, "Finished".
    * Then press any key to close the script and load the shortcuts onto the desktop.
    * Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread

    =======

    1. Download combofix.exe to your desktop from either of the links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

     
  4. ernokax

    ernokax Member

    Running From: C:\sdfix\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\ATHPRX~1.DLL - Deleted
    C:\WINDOWS\SYSTEM32\CNCS32.DLL - Deleted
    C:\Program Files\Setup.exe - Deleted
    C:\Documents and Settings\Reijo Maukkonen\new.txt - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
    "C:\\Program Files\\Microsoft Games\\Links 2003 Demo\\LinksMMIII.exe"="C:\\Program Files\\Microsoft Games\\Links 2003 Demo\\LinksMMIII.exe:*:Disabled:Links 2003"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Etätuki - Windows Messenger ja ääniyhteys"
    "C:\\Program Files\\KCeasy\\giFT\\giFTl.exe"="C:\\Program Files\\KCeasy\\giFT\\giFTl.exe:*:Enabled:giFT Loader for KCeasy"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall 4\\kpf4gui.exe:*:Disabled:Sunbelt Kerio Personal Firewall 4 - GUI"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    Backups Folder: - C:\sdfix\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\Reijo Maukkonen\Local Settings\Application Data\Microsoft\Messenger\*******\Sharing Folders\*******\Thumbs.db
    C:\Documents and Settings\Reijo Maukkonen\Local Settings\Application Data\Microsoft\Messenger\*******\Sharing Folders\****\Thumbs.db
    C:\Documents and Settings\Reijo Maukkonen\Local Settings\Application Data\Microsoft\Messenger\************\Sharing Folders\*********\Thumbs.db
    C:\Documents and Settings\Reijo Maukkonen\Local Settings\Application Data\Microsoft\Messenger\*********\Sharing Folders\********\Thumbs.db
    C:\Documents and Settings\Reijo Maukkonen\Local Settings\Application Data\Microsoft\Messenger\********\Sharing Folders\*******\Thumbs.db
    C:\Documents and Settings\Reijo Maukkonen\Local Settings\Application Data\Microsoft\Messenger\********\Sharing Folders\***********\Thumbs.db

    Finished
     
    Last edited: Aug 12, 2007
  5. ernokax

    ernokax Member

    And here is the ComboFix report:


    C:\DOCUME~1\REIJOM~1\TYPYT~1\internet.lnk


    ((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


    2007-08-06 11:42 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-06 11:28 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-07-30 17:22 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2007-07-30 14:17 5,548 --a------ C:\DOCUME~1\REIJOM~1\evfsmm.exe
    2007-07-30 13:56 5,548 --a------ C:\DOCUME~1\REIJOM~1\eykxxt.exe
    2007-07-30 13:50 5,547 --a------ C:\DOCUME~1\REIJOM~1\geftxk.exe
    2007-07-30 13:43 5,547 --a------ C:\DOCUME~1\REIJOM~1\tkffud.exe
    2007-07-30 13:36 5,548 --a------ C:\DOCUME~1\REIJOM~1\xosyzi.exe
    2007-07-30 13:30 5,548 --a------ C:\DOCUME~1\REIJOM~1\oejdlr.exe
    2007-07-30 13:23 5,548 --a------ C:\DOCUME~1\REIJOM~1\albmnw.exe
    2007-07-30 13:22 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-07-30 13:17 5,548 --a------ C:\DOCUME~1\REIJOM~1\msdcvq.exe
    2007-07-30 13:10 5,548 --a------ C:\DOCUME~1\REIJOM~1\wddwfr.exe
    2007-07-30 13:03 5,548 --a------ C:\DOCUME~1\REIJOM~1\kgudgb.exe
    2007-07-30 12:56 5,548 --a------ C:\DOCUME~1\REIJOM~1\kkmmuz.exe
    2007-07-30 12:50 5,548 --a------ C:\DOCUME~1\REIJOM~1\thpgox.exe
    2007-07-30 12:43 5,547 --a------ C:\DOCUME~1\REIJOM~1\fenhaa.exe
    2007-07-30 12:37 5,548 --a------ C:\DOCUME~1\REIJOM~1\yvrscu.exe
    2007-07-30 12:23 5,548 --a------ C:\DOCUME~1\REIJOM~1\tlshzz.exe
    2007-07-30 12:16 5,548 --a------ C:\DOCUME~1\REIJOM~1\laxicj.exe
    2007-07-30 12:10 5,548 --a------ C:\DOCUME~1\REIJOM~1\rxxgne.exe
    2007-07-30 12:03 5,548 --a------ C:\DOCUME~1\REIJOM~1\iwrwvo.exe
    2007-07-30 11:57 5,548 --a------ C:\DOCUME~1\REIJOM~1\xlohyq.exe
    2007-07-30 11:56 <KANSIO> d-------- C:\fsaua.data
    2007-07-30 11:50 5,548 --a------ C:\DOCUME~1\REIJOM~1\vqubbf.exe
    2007-07-30 11:43 5,548 --a------ C:\DOCUME~1\REIJOM~1\jfvqpf.exe
    2007-07-30 11:36 5,548 --a------ C:\DOCUME~1\REIJOM~1\hahtah.exe
    2007-07-30 11:30 5,548 --a------ C:\DOCUME~1\REIJOM~1\hwtuot.exe
    2007-07-30 11:23 5,548 --a------ C:\DOCUME~1\REIJOM~1\laajzn.exe
    2007-07-30 11:16 5,548 --a------ C:\DOCUME~1\REIJOM~1\bqcaop.exe
    2007-07-30 11:10 5,548 --a------ C:\DOCUME~1\REIJOM~1\nmnuyh.exe
    2007-07-30 11:03 5,548 --a------ C:\DOCUME~1\REIJOM~1\obfuwd.exe
    2007-07-30 09:50 5,548 --a------ C:\DOCUME~1\REIJOM~1\lzzgii.exe
    2007-07-30 09:43 5,548 --a------ C:\DOCUME~1\REIJOM~1\sdzbzk.exe
    2007-07-30 09:36 5,548 --a------ C:\DOCUME~1\REIJOM~1\svemow.exe
    2007-07-30 09:30 5,548 --a------ C:\DOCUME~1\REIJOM~1\hwfisr.exe
    2007-07-30 09:23 5,548 --a------ C:\DOCUME~1\REIJOM~1\njhhud.exe
    2007-07-30 09:16 5,548 --a------ C:\DOCUME~1\REIJOM~1\dtxqbo.exe
    2007-07-30 09:10 5,548 --a------ C:\DOCUME~1\REIJOM~1\sryuzq.exe
    2007-07-30 07:22 5,548 --a------ C:\DOCUME~1\REIJOM~1\zcqbba.exe
    2007-07-23 20:12 <KANSIO> d-------- C:\Program Files\Play65
    2007-07-16 18:27 <KANSIO> d-------- C:\DOCUME~1\REIJOM~1\APPLIC~1\BitTorrent
    2007-07-15 20:44 <KANSIO> d-------- C:\DOCUME~1\REIJOM~1\APPLIC~1\fretsonfire


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-06 11:39 --------- d-------- C:\DOCUME~1\REIJOM~1\APPLIC~1\Skype
    2007-08-06 11:36 12346 --a------ C:\WINDOWS\system32\Tablet.dat
    2007-08-06 11:25 2964 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
    2007-07-30 11:21 --------- d-------- C:\DOCUME~1\REIJOM~1\APPLIC~1\ZoomBrowser EX
    2007-07-24 22:08 33664 --a------ C:\DOCUME~1\REIJOM~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-07-11 08:31 71114 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-07-11 08:31 366790 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-05-16 18:14 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:14 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:14 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:14 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:14 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-08 11:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
    2006-09-07 20:37 5120 --ahs---- C:\Program Files\Thumbs.db
    2000-09-29 06:01 652 -ra------ C:\Program Files\layout.bin
    2000-09-29 06:01 204890 -ra------ C:\Program Files\data1.hdr
    2000-09-29 06:01 107119545 -ra------ C:\Program Files\data1.cab
    2000-09-29 06:00 8812 -ra------ C:\Program Files\_user1.hdr
    2000-09-29 06:00 6492 -ra------ C:\Program Files\_sys1.hdr
    2000-09-29 06:00 49 -ra------ C:\Program Files\setup.lid
    2000-09-29 06:00 2389166 -ra------ C:\Program Files\_user1.cab
    2000-09-29 06:00 198033 -ra------ C:\Program Files\setup.ins
    2000-09-29 06:00 181565 -ra------ C:\Program Files\_sys1.cab
    2000-09-29 06:00 101 -ra------ C:\Program Files\DATA.TAG
    2000-09-14 04:22 27551 -ra------ C:\Program Files\Photoshop 6.0 Readme.wri
    2000-08-30 13:15 27648 -ra------ C:\Program Files\_ISDel.exe
    2000-06-16 13:21 415574 -ra------ C:\Program Files\Setup.bmp
    2000-01-04 14:34 250 -ra------ C:\Program Files\SETUP.INI
    1999-12-10 10:19 2839 -ra------ C:\Program Files\Abcpy.ini
    1998-10-02 15:15 297989 -ra------ C:\Program Files\_INST32I.EX_
    1998-10-02 15:06 27648 -ra------ C:\Program Files\_ISDel_old.exe
    1998-09-29 13:34 34816 -ra------ C:\Program Files\_Setup.dll
    1998-09-18 11:12 4679 -ra------ C:\Program Files\lang.dat
    1998-07-27 14:41 450 -ra------ C:\Program Files\os.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 20:01]
    "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 13:50]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 21:10]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-06-03 12:54]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-06 14:06]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-28 19:59]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 21:41]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 16:57]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-02-23 00:31]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-09-16 09:16:58]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-09-16 09:16:58]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 13:01:04]
    TabUserW.exe.lnk - C:\WINDOWS\system32\Wtablet\TabUserW.exe [2003-12-04 18:48:40]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-09-16 08:34:48]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)

    R0 PenClass;Pen Class;C:\WINDOWS\system32\Drivers\penclass.sys
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
    R3 PCnetHL;AMD PCnet-Home Adapter Driver;C:\WINDOWS\system32\DRIVERS\pcntn5hl.sys
    R3 vulfnths;VIA USB Host Controller Lower Filter;C:\WINDOWS\system32\Drivers\vulfnth.sys
    R3 vulfntrs;VIA USB Roothub Lower Filter;C:\WINDOWS\system32\Drivers\vulfntr.sys
    S3 EPPSCSIx;Agfa EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys
    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\C:\DOCUME~1\REIJOM~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
    S3 SOCKFILT.DLL;Outpost Firewall PlugIn (SOCKFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\SOCKFILT.DLL
    S3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
    S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS


    Contents of the 'Scheduled Tasks' folder
    2007-08-06 08:39:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-06 11:46:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-06 11:47:52
    C:\ComboFix-quarantined-files.txt ... 2007-08-06 11:47

    --- E O F ---
     
  6. Auttaja

    Auttaja Guest

    Open Notepad and copy/paste the text in the quote box below into it:

    Save it with the name CFScript. (Check that it is written exactly like that)

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.
     
    Last edited by a moderator: Aug 6, 2007
  7. ernokax

    ernokax Member

    I did as I was told; here is the log

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\REIJOM~1\albmnw.exe
    C:\DOCUME~1\REIJOM~1\bqcaop.exe
    C:\DOCUME~1\REIJOM~1\dtxqbo.exe
    C:\DOCUME~1\REIJOM~1\evfsmm.exe
    C:\DOCUME~1\REIJOM~1\eykxxt.exe
    C:\DOCUME~1\REIJOM~1\fenhaa.exe
    C:\DOCUME~1\REIJOM~1\geftxk.exe
    C:\DOCUME~1\REIJOM~1\hahtah.exe
    C:\DOCUME~1\REIJOM~1\hwfisr.exe
    C:\DOCUME~1\REIJOM~1\hwtuot.exe
    C:\DOCUME~1\REIJOM~1\iwrwvo.exe
    C:\DOCUME~1\REIJOM~1\jfvqpf.exe
    C:\DOCUME~1\REIJOM~1\kgudgb.exe
    C:\DOCUME~1\REIJOM~1\kkmmuz.exe
    C:\DOCUME~1\REIJOM~1\laajzn.exe
    C:\DOCUME~1\REIJOM~1\laxicj.exe
    C:\DOCUME~1\REIJOM~1\lzzgii.exe
    C:\DOCUME~1\REIJOM~1\msdcvq.exe
    C:\DOCUME~1\REIJOM~1\njhhud.exe
    C:\DOCUME~1\REIJOM~1\nmnuyh.exe
    C:\DOCUME~1\REIJOM~1\obfuwd.exe
    C:\DOCUME~1\REIJOM~1\oejdlr.exe
    C:\DOCUME~1\REIJOM~1\rxxgne.exe
    C:\DOCUME~1\REIJOM~1\sdzbzk.exe
    C:\DOCUME~1\REIJOM~1\sryuzq.exe
    C:\DOCUME~1\REIJOM~1\svemow.exe
    C:\DOCUME~1\REIJOM~1\thpgox.exe
    C:\DOCUME~1\REIJOM~1\tkffud.exe
    C:\DOCUME~1\REIJOM~1\tlshzz.exe
    C:\DOCUME~1\REIJOM~1\wddwfr.exe
    C:\DOCUME~1\REIJOM~1\vqubbf.exe
    C:\DOCUME~1\REIJOM~1\xlohyq.exe
    C:\DOCUME~1\REIJOM~1\xosyzi.exe
    C:\DOCUME~1\REIJOM~1\yvrscu.exe
    C:\DOCUME~1\REIJOM~1\zcqbba.exe


    ((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


    2007-08-06 11:42 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-06 11:28 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-07-30 17:22 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2007-07-30 13:22 <KANSIO> d-------- C:\Program Files\Trend Micro
    2007-07-30 11:56 <KANSIO> d-------- C:\fsaua.data
    2007-07-23 20:12 <KANSIO> d-------- C:\Program Files\Play65
    2007-07-16 18:27 <KANSIO> d-------- C:\DOCUME~1\REIJOM~1\APPLIC~1\BitTorrent
    2007-07-15 20:44 <KANSIO> d-------- C:\DOCUME~1\REIJOM~1\APPLIC~1\fretsonfire


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-06 12:03 --------- d-------- C:\DOCUME~1\REIJOM~1\APPLIC~1\Skype
    2007-08-06 12:02 12346 --a------ C:\WINDOWS\system32\Tablet.dat
    2007-08-06 11:25 2964 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
    2007-07-30 11:21 --------- d-------- C:\DOCUME~1\REIJOM~1\APPLIC~1\ZoomBrowser EX
    2007-07-24 22:08 33664 --a------ C:\DOCUME~1\REIJOM~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-07-11 08:31 71114 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-07-11 08:31 366790 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-05-16 18:14 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:14 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:14 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:14 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:14 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-08 11:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
    2006-09-07 20:37 5120 --ahs---- C:\Program Files\Thumbs.db
    2000-09-29 06:01 652 -ra------ C:\Program Files\layout.bin
    2000-09-29 06:01 204890 -ra------ C:\Program Files\data1.hdr
    2000-09-29 06:01 107119545 -ra------ C:\Program Files\data1.cab
    2000-09-29 06:00 8812 -ra------ C:\Program Files\_user1.hdr
    2000-09-29 06:00 6492 -ra------ C:\Program Files\_sys1.hdr
    2000-09-29 06:00 49 -ra------ C:\Program Files\setup.lid
    2000-09-29 06:00 2389166 -ra------ C:\Program Files\_user1.cab
    2000-09-29 06:00 198033 -ra------ C:\Program Files\setup.ins
    2000-09-29 06:00 181565 -ra------ C:\Program Files\_sys1.cab
    2000-09-29 06:00 101 -ra------ C:\Program Files\DATA.TAG
    2000-09-14 04:22 27551 -ra------ C:\Program Files\Photoshop 6.0 Readme.wri
    2000-08-30 13:15 27648 -ra------ C:\Program Files\_ISDel.exe
    2000-06-16 13:21 415574 -ra------ C:\Program Files\Setup.bmp
    2000-01-04 14:34 250 -ra------ C:\Program Files\SETUP.INI
    1999-12-10 10:19 2839 -ra------ C:\Program Files\Abcpy.ini
    1998-10-02 15:15 297989 -ra------ C:\Program Files\_INST32I.EX_
    1998-10-02 15:06 27648 -ra------ C:\Program Files\_ISDel_old.exe
    1998-09-29 13:34 34816 -ra------ C:\Program Files\_Setup.dll
    1998-09-18 11:12 4679 -ra------ C:\Program Files\lang.dat
    1998-07-27 14:41 450 -ra------ C:\Program Files\os.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 20:01]
    "NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 13:50]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 21:10]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-06-03 12:54]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-06 14:06]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-28 19:59]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 21:41]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 16:57]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-02-23 00:31]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-09-16 09:16:58]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-09-16 09:16:58]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 13:01:04]
    TabUserW.exe.lnk - C:\WINDOWS\system32\Wtablet\TabUserW.exe [2003-12-04 18:48:40]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-09-16 08:34:48]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)

    R0 PenClass;Pen Class;C:\WINDOWS\system32\Drivers\penclass.sys
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
    R3 PCnetHL;AMD PCnet-Home Adapter Driver;C:\WINDOWS\system32\DRIVERS\pcntn5hl.sys
    R3 vulfnths;VIA USB Host Controller Lower Filter;C:\WINDOWS\system32\Drivers\vulfnth.sys
    R3 vulfntrs;VIA USB Roothub Lower Filter;C:\WINDOWS\system32\Drivers\vulfntr.sys
    S3 EPPSCSIx;Agfa EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys
    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\C:\DOCUME~1\REIJOM~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
    S3 SOCKFILT.DLL;Outpost Firewall PlugIn (SOCKFILT.DLL);\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\SOCKFILT.DLL
    S3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
    S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS


    Contents of the 'Scheduled Tasks' folder
    2007-08-06 09:05:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-06 12:14:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    C:\WINDOWS\system32\cmd.exe [1320] 0x88D2FC68


    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-06 12:15:41
    C:\ComboFix-quarantined-files.txt ... 2007-08-06 12:15
    C:\ComboFix2.txt ... 2007-08-06 11:47

    --- E O F ---
     
  8. Auttaja

    Auttaja Guest


    Check your computer with F-Secure's online scanner

    Note: the scanner works only with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install (Asenna)
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the necessary files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the entire text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report to your thread

    ==========


    An excellent guide for speeding up your computer

    http://neko.1g.fi/ohje/hidastelua.html


    ==========

    If you do not have this Java version (6.2): an old Java easily gets your computer infected!

    Updating Java and clearing the cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]
    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp
    or http://www.filehippo.com/download_java_runtime/

    Scroll down to Java Runtime Environment (JRE) 6u2

    Press Download

    Tick Accept, choose offline installation, save it for example to the desktop and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice the computer being slow after lowering the setting, move the slider to a larger value.)

    8. Make sure both options are ticked:

    * Applications and Applets

    * Trace and Log Files

    And press the OK button

    9. Click OK in your "Temporary Files Settings" window.

    10. Click OK to leave your Java settings window.

    ==========

    Download Deckard's System Scanner to your Desktop.

    Note: You must have Administrator rights to run the program.

    * Close all open windows and programs.
    * Double-click the Dss.exe file to run the program, and follow the instructions.
    * When the scan is finished, 2 text files should open, Main.txt and extra.txt
    * Copy ( CTRL+A -> CTRL + C ) and paste ( CTRL + V )
    * Copy and paste the contents of Extra.txt & Main.txt into your next reply.

    Also the F-Secure report
     
  9. ernokax

    ernokax Member

    Here is Deckard's first, and after it a couple of F-Secure ones, because I had to stop the scan the first time

    Deckard's System Scanner v20070807.62
    Run by Reijo Maukkonen on 2007-08-08 at 14:36:16
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    38: 2007-08-08 11:36:21 UTC - RP718 - Deckard's System Scanner Restore Point
    37: 2007-08-08 11:31:28 UTC - RP717 - Installed Java(TM) 6 Update 2
    36: 2007-08-08 11:25:37 UTC - RP716 - Removed Java(TM) SE Runtime Environment 6 Update 1
    35: 2007-08-08 11:24:30 UTC - RP715 - Removed Java(TM) 6 Update 2
    34: 2007-08-08 11:23:39 UTC - RP714 - Removed Java 2 Runtime Environment, SE v1.4.2_04


    -- First Restore Point --
    1: 2007-07-09 13:42:46 UTC - RP681 - Järjestelmän tarkistuspiste


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Reijo Maukkonen.exe) -------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:37:29, on 8.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Reijo Maukkonen\Työpöytä\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Reijo Maukkonen.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174149054001
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O24 - Desktop Component 0: (no name) - http://80.81.189.226/00/32/52/70/10952830.jpg

    --
    End of file - 8708 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
    R1 fwdrv (Firewall Driver) - c:\windows\system32\drivers\fwdrv.sys <Not Verified; Sunbelt Software; >
    R1 khips (Kerio HIPS Driver) - c:\windows\system32\drivers\khips.sys <Not Verified; ; HIPS>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S2 PfModNT - c:\windows\system32\drivers\pfmodnt.sys (file missing)
    S3 catchme - c:\docume~1\reijom~1\locals~1\temp\catchme.sys (file missing)
    S3 EPPSCSIx (Agfa EPPSCSI Driver) - c:\windows\system32\drivers\eppscan.sys <Not Verified; EPPSCAN WDM Driver; EPPSCAN Parallel Port Device Driver>
    S3 SOCKFILT.DLL (Outpost Firewall PlugIn (SOCKFILT.DLL)) - c:\progra~1\agnitum\outpos~1.0\kernel\sockfilt.dll (file missing)
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
    R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
    R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description:
    Device ID: ROOT\IMAGE\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\IMAGE\0000
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2007-08-08 14:36:59 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


    -- Files created between 2007-07-08 and 2007-08-08 -----------------------------

    2007-08-06 11:28:25 0 d-------- C:\WINDOWS\ERUNT
    2007-07-30 17:22:15 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
    2007-07-30 13:22:49 0 d-------- C:\Program Files\Trend Micro
    2007-07-30 11:56:08 0 d-------- C:\fsaua.data
    2007-07-23 20:12:37 0 d-------- C:\Program Files\Play65
    2007-07-16 18:27:43 0 d-------- C:\Documents and Settings\Reijo Maukkonen\Application Data\BitTorrent
    2007-07-15 20:44:13 0 d-------- C:\Documents and Settings\Reijo Maukkonen\Application Data\fretsonfire


    -- Find3M Report ---------------------------------------------------------------

    2007-08-08 14:34:24 0 d-------- C:\Documents and Settings\Reijo Maukkonen\Application Data\Skype
    2007-08-08 14:33:58 12346 --a------ C:\WINDOWS\system32\Tablet.dat
    2007-08-08 14:32:00 0 d-------- C:\Program Files\Java
    2007-08-08 14:05:28 0 d-------- C:\Documents and Settings\Reijo Maukkonen\Application Data\ZoomBrowser EX
    2007-08-07 23:43:05 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-24 22:08:21 33664 --a------ C:\Documents and Settings\Reijo Maukkonen\Application Data\GDIPFONTCACHEV1.DAT
    2007-07-11 08:31:52 366790 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-07-11 08:31:52 71114 --a------ C:\WINDOWS\system32\perfc00B.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12.08.2003 21:10]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [03.06.2003 12:54]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [28.04.2007 19:59]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03.11.2006 19:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [23.02.2007 00:31]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 02:12]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.exe.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.exe.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^TabUserW.exe.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\TabUserW.exe.lnk
    backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
    C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    Logi_MwX.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\System32\\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe




    -- End of Deckard's System Scanner: finished at 2007-08-08 at 14:39:15 ---------

    ____________________________________________________


    Deckard's System Scanner v20070807.62
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

    CPU 0: AMD Athlon(tm) XP 2600+
    Percentage of Memory in Use: 22%
    Physical Memory (total/avail): 2047.49 MiB / 1581.21 MiB
    Pagefile Memory (total/avail): 3434.23 MiB / 3106.55 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1968.36 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 19.53 GiB total, 5.83 GiB free.
    D: is Fixed (NTFS) - 92.25 GiB total, 75.89 GiB free.
    E: is CDROM (No Media)


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: Kerio Personal Firewall v4.2.3 T (Kerio)
    AV: AVG 7.5.476 v7.5.476 (GRISOFT)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Reijo Maukkonen\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=REIJO-D7G3SWJ7Q
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Reijo Maukkonen
    LOGONSERVER=\\REIJO-D7G3SWJ7Q
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0801
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\REIJOM~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\REIJOM~1\LOCALS~1\Temp
    USERDOMAIN=REIJO-D7G3SWJ7Q
    USERNAME=Reijo Maukkonen
    USERPROFILE=C:\Documents and Settings\Reijo Maukkonen
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Reijo Maukkonen (admin)
    Järjestelmänvalvoja (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99CDAF0C-AF5D-422F-B469-33048A949994}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99CDAF0C-AF5D-422F-B469-33048A949994}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAB2EE2E-EF1F-4410-BA50-C3BFBE651F92}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAB2EE2E-EF1F-4410-BA50-C3BFBE651F92}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Aba Daba 1.31 --> C:\WINDOWS\UnGins.exe "D:\Pelit\abadaba\install.log"
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Illustrator 10 Tryout --> "C:\Program Files\InstallShield Installation Information\{0AC416C3-A600-4A98-B5E1-A629498241DB}\setup.exe"
    Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
    Adobe Reader 6.0.1 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7646-A00000000001}
    Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Ahead InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
    Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
    Ahead NeroMediaPlayer --> C:\WINDOWS\UNNMP.exe /UNINSTALL
    ArcSoft Camera Suite 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
    ArcSoft PhotoBase 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x9 -uninst
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
    Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
    Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
    Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
    Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
    Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
    Canon CanoScan Toolbox 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\CanoScan Toolbox Ver4.0\Uninst.isu" -c"C:\Program Files\Canon\CanoScan Toolbox Ver4.0\uninst.dll"
    Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
    Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
    CANON iMAGE GATEWAY Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
    Canon Internet Library for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
    Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
    Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
    Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
    Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
    Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
    Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
    Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
    CanoScan LiDE20,30 Manual --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}\setup.exe" -l0x9
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    Citrix Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
    Creative Mass Storage Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9 /remove
    Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
    Creative MuVo V200 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{903EC56F-EA7E-4309-B0E6-9F1AE22FCC08}\SETUP.EXE" -l0x9 /remove
    Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Creative Zen Nano Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA63612E-0458-416A-ADCD-B2349194F20F}\SETUP.EXE" -l0x9 /remove
    DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    Downhill PAKOON! 2.Many Unlimited 2009 --> C:\WINDOWS\IsUninst.exe -fd:\pelit\pakoon\Uninst.isu
    Driver Detective --> MsiExec.exe /I{8A27828F-4647-4AC4-B0A6-1C83544E6056}
    EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
    Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    Guitar Guru Version 2.0 --> "C:\Program Files\Musicnotes\GuitarGuru\unins000.exe"
    Guitar Pro 5.0 --> "D:\Guitar Pro\Guitar Pro 5\unins000.exe"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    KCeasy 0.18 --> "C:\Program Files\KCeasy\uninstall.exe"
    Language Pack for Ad-aware 6 --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Lang\LANGUA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Lang\LANGUA~1\INSTALL.LOG
    Language pack for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\Langs\INSTALL.LOG
    Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0xb -l000b UNINSTALL
    Logitech® Camera -ohjain --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
    Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Office XP Media Content --> MsiExec.exe /I{9030040B-6000-11D3-8CFE-0050048383C9}
    Microsoft Office XP Professional --> MsiExec.exe /I{9111040B-6000-11D3-8CFE-0050048383C9}
    Microsoft Works 2000 --> MsiExec.exe /I{FB1BC4E2-766F-11D3-AF55-00C04F443448}
    Moorhuhn 4 Teile --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED1390DC-6910-4C77-97E2-579CAFE82F5B}\Setup.exe" -l0x7
    Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
    Nokia Audio Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791C3198-6FCC-11D5-A624-00104B9B0A85}\setup.exe" -removeall
    OmniPage SE --> MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
    Paint Shop Pro 7 Evaluation --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
    Play65 --> C:\Program Files\Play65\Play65.exe /uninstall
    Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
    Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Sunbelt Kerio Personal Firewall --> MsiExec.exe /X{A990EAA7-8941-4621-BC27-4F16261D3180}
    Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Suomen linnut --> C:\WINDOWS\unin040b.exe -f"C:\Program Files\Suomen linnut\DeIsL2.isu" -cC:\PROGRA~1\SUOMEN~1\_ISREG32.DLL
    Tablet --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D643A9C5-EAAA-4681-8EDE-6B3462F3ACE3} /l1033
    User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
    VBMahjongg --> C:\WINDOWS\uninst.exe -fd:\pelit\mahjongg\DeIsL1.isu -cd:\pelit\mahjongg\_ISREG32.DLL
    VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    Word in Works Suite -apuohjelma --> MsiExec.exe /I{A7F038F2-8D39-11D3-A565-00C04F8923E9}


    -- Application Event Log -------------------------------------------------------

    Event ID #29439: Success
    Event Submitted/Written: 08/08/2007 11:37:51 AM
    Event Source: usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event ID #29429: Error
    Event Submitted/Written: 08/07/2007 11:52:04 PM
    Event Source: Application Hang
    Event Description:
    Lukkiutunut sovellus explorer.exe, versio 6.0.2900.2180, lukkiutumismoduuli hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

    Event ID #29412: Warning
    Event Submitted/Written: 08/07/2007 07:11:12 PM
    Event Source: Userenv
    Event Description:
    Windows tallensi käyttäjän REIJO-D7G3SWJ7Q\Reijo Maukkonen rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


    Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

    Event ID #29407: Success
    Event Submitted/Written: 08/07/2007 02:23:27 PM
    Event Source: usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event ID #29363: Success
    Event Submitted/Written: 08/06/2007 10:57:08 PM
    Event Source: usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event ID #39699: Warning
    Event Submitted/Written: 08/08/2007 02:37:43 PM
    Event Source: WinDefend
    Event Description:
    %REIJO-D7G3SWJ7Q27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REIJO-D7G3SWJ7Q27 can't undo changes that you allow.

    For more information please see the following:
    %REIJO-D7G3SWJ7Q275

    Scan ID: {72D1D3B2-8107-44B5-AF70-8BC59E7DDDAA}

    User: REIJO-D7G3SWJ7Q\Reijo Maukkonen

    Name: %REIJO-D7G3SWJ7Q271

    ID: %REIJO-D7G3SWJ7Q272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REIJO-D7G3SWJ7Q276

    Alert Type: %REIJO-D7G3SWJ7Q278

    Detection Type: 1.1.1593.02

    Event ID #39698: Warning
    Event Submitted/Written: 08/08/2007 02:37:43 PM
    Event Source: WinDefend
    Event Description:
    %REIJO-D7G3SWJ7Q27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REIJO-D7G3SWJ7Q27 can't undo changes that you allow.

    For more information please see the following:
    %REIJO-D7G3SWJ7Q275

    Scan ID: {5C06B3EC-4F81-434B-B6BB-BDB520D2D22D}

    User: REIJO-D7G3SWJ7Q\Reijo Maukkonen

    Name: %REIJO-D7G3SWJ7Q271

    ID: %REIJO-D7G3SWJ7Q272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REIJO-D7G3SWJ7Q276

    Alert Type: %REIJO-D7G3SWJ7Q278

    Detection Type: 1.1.1593.02

    Event ID #39697: Warning
    Event Submitted/Written: 08/08/2007 02:37:43 PM
    Event Source: WinDefend
    Event Description:
    %REIJO-D7G3SWJ7Q27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REIJO-D7G3SWJ7Q27 can't undo changes that you allow.

    For more information please see the following:
    %REIJO-D7G3SWJ7Q275

    Scan ID: {86D50E5B-CEF9-4C23-A8B8-7DA4788B3C50}

    User: REIJO-D7G3SWJ7Q\Reijo Maukkonen

    Name: %REIJO-D7G3SWJ7Q271

    ID: %REIJO-D7G3SWJ7Q272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REIJO-D7G3SWJ7Q276

    Alert Type: %REIJO-D7G3SWJ7Q278

    Detection Type: 1.1.1593.02

    Event ID #39696: Warning
    Event Submitted/Written: 08/08/2007 02:37:40 PM
    Event Source: WinDefend
    Event Description:
    %REIJO-D7G3SWJ7Q27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REIJO-D7G3SWJ7Q27 can't undo changes that you allow.

    For more information please see the following:
    %REIJO-D7G3SWJ7Q275

    Scan ID: {5F8EC51B-B4F6-4C0F-A3B5-5D73DCF2A148}

    User: REIJO-D7G3SWJ7Q\Reijo Maukkonen

    Name: %REIJO-D7G3SWJ7Q271

    ID: %REIJO-D7G3SWJ7Q272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REIJO-D7G3SWJ7Q276

    Alert Type: %REIJO-D7G3SWJ7Q278

    Detection Type: 1.1.1593.02

    Event ID #39695: Warning
    Event Submitted/Written: 08/08/2007 02:37:40 PM
    Event Source: WinDefend
    Event Description:
    %REIJO-D7G3SWJ7Q27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REIJO-D7G3SWJ7Q27 can't undo changes that you allow.

    For more information please see the following:
    %REIJO-D7G3SWJ7Q275

    Scan ID: {CB45C112-C638-4EB5-8358-07D6A25C579C}

    User: REIJO-D7G3SWJ7Q\Reijo Maukkonen

    Name: %REIJO-D7G3SWJ7Q271

    ID: %REIJO-D7G3SWJ7Q272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REIJO-D7G3SWJ7Q276

    Alert Type: %REIJO-D7G3SWJ7Q278

    Detection Type: 1.1.1593.02



    -- End of Deckard's System Scanner: finished at 2007-08-08 at 14:39:15 ---------

    ________________________________

    Scanning Report
    Monday, August 06, 2007 21:38:11 - 22:45:39
    Computer name: REIJO-D7G3SWJ7Q
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\

    Result: 12 malware found
    Tracking Cookie (spyware)
    • System (Disinfected)
    • System
    • System
    • System
    • System
    • System
    • System
    • System
    • System
    • System
    • System
    • System

    Statistics
    Scanned:
    • Files: 206033
    • System: 4302
    • Not scanned: 10
    Actions:
    • Disinfected: 1
    • Renamed: 0
    • Deleted: 0
    • None: 11
    • Submitted: 0
    Files not scanned:
    • C:\PAGEFILE.SYS
    • C:\WINDOWS\SYSTEM32\BIOS1.ROM
    • C:\WINDOWS\SYSTEM32\DRIVERS\STMP3REC.SYS
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    • C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    • C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    • C:\WINDOWS\INF\OEM33.INF

    Options
    Scanning engines:
    • F-Secure AVP: 7.0.171, 2007-08-06
    • F-Secure Blacklight: 1.0.64
    • F-Secure Draco: 1.0.35, 0260-23-12
    • F-Secure Libra: 2.4.2, 2007-08-04
    • F-Secure Orion: 1.2.37, 2007-08-06
    • F-Secure Pegasus: 1.19.0, 2007-07-01
    Scanning options:
    • Scan all files
    • Scan inside archives
    • Use Advanced heuristics
    Result: 0 malware found

    Statistics
    Scanned:
    • Files: 419402
    • System: 4362
    • Not scanned: 49
    Actions:
    • Disinfected: 0
    • Renamed: 0
    • Deleted: 0
    • None: 0
    • Submitted: 0
    Files not scanned:
    • C:\PAGEFILE.SYS
    • C:\WINDOWS\SYSTEM32\BIOS1.ROM
    • C:\WINDOWS\SYSTEM32\DRIVERS\STMP3REC.SYS
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    • C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    • C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    • C:\WINDOWS\INF\OEM33.INF
    • C:\WINDOWS\.MPR_FILE_STORE_32\MAIN_FILE_CACHE.DAT
    • C:\WINDOWS\.MPR_FILE_STORE_32\VANHAT\MAIN_FILE_CACHE.DAT
    • C:\WINDOWS\.MPR_FILE_STORE_32\HYBRIDSCAPE\DATA\SELLABLE.DAT
    • C:\WINDOWS\.MPR_FILE_STORE_32\HYBRIDSCAPE\DATA\TRADEABLE.DAT
    • C:\WINDOWS\.MPR_FILE_STORE_32\HYBRIDSCAPE\DATA\TWOHANDED.DAT
    • C:\WINDOWS\.FILE_STORE_32\MAIN_FILE_CACHE.DAT
    • C:\WINDOWS\.FILE_STORE_32\RUNESCAPE\MAIN_FILE_CACHE.DAT2
    • C:\RECYCLER\S-1-5-21-1606980848-764733703-1343024091-1004(2)\DC416.MP3
    • C:\PROGRAM FILES\MICROSOFT GAMES\LINKS 2003 DEMO\HELP.HST
    • C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn
    • C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\SUPPORT.CAB
    • C:\PROGRAM FILES\AHEAD\INCD\DMA.BIN
    • C:\PROGRAM FILES\AHEAD\INCD\GAA.BIN
    • C:\PROGRAM FILES\AHEAD\INCD\LGC.BIN
    • C:\DOCUMENTS AND SETTINGS\ALL USERS.LOG
    • C:\DOCUMENTS AND SETTINGS\DEFAULT USER.LOG
    • C:\DOCUMENTS AND SETTINGS\TEMP\LOCAL SETTINGS\APPLICATION DATA\GDIPFONTCACHEV1.DAT
    • C:\DOCUMENTS AND SETTINGS\REIJO MAUKKONEN\NTUSER.DAT
    • C:\DOCUMENTS AND SETTINGS\REIJO MAUKKONEN\OMAT TIEDOSTOT\IMAGE.NRG
    • C:\DOCUMENTS AND SETTINGS\REIJO MAUKKONEN\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{C83087B4-7DFC-40DE-BFB8-B28DF295D96E}
    • C:\DOCUMENTS AND SETTINGS\REIJO MAUKKONEN\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    • C:\DOCUMENTS AND SETTINGS\REIJO MAUKKONEN\APPLICATION DATA\SKYPE\EEROHETTI\CALL256.DBB
    • C:\DOCUMENTS AND SETTINGS\REIJO MAUKKONEN\APPLICATION DATA\SKYPE\EEROHETTI\CONTACTGROUP256.DBB
    • C:\DOCUMENTS AND SETTINGS\REIJO MAUKKONEN\APPLICATION DATA\MICROSOFT\CREDENTIALS\S-1-5-21-1606980848-764733703-1343024091-1004\CREDENTIALS
    • C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
    • C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    • C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
    • C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    • C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\932C79EE46057627EAE2528B8A5C5D30_960A2F5F-E152-46BB-9D37-521BA78D0178
    • D:\VALOKUVAT\KAMERASTA T&#65533;H&#65533;N\ZBTHUMBNAIL.INFO
    • D:\VALOKUVAT\KAMERASTA T&#65533;H&#65533;N\2007_08_07\ZBTHUMBNAIL.INFO
    • D:\VALOKUVAT\KAMERASTA T&#65533;H&#65533;N\2007_08_05\ZBTHUMBNAIL.INFO
    • D:\VALOKUVAT\KAMERASTA T&#65533;H&#65533;N\2007_08_01\ZBTHUMBNAIL.INFO
    • D:\MUSA\VAARA !\NRJ ILTAP30X0.000000P-10224IV30X1.4A4010P-9084T - PARODIA - JULKKIS.MP3
    • D:\MUSA\REPEN MUSA\REPEN MUSA\POPEDA\POPEDA - M&#65533; EL&#65533;N VIEL&#65533;KIN.MP3
    • D:\MUSA\NOKIA\KAIKKI BIISIT\MATT POKORA ET RICKY MARTIN - IT'S ALRIGHT.MP3
    • D:\MUSA\NOKIA\KAIKKI BIISIT\VALVOMO - MIK3-0X1.#QNAN0P+04 KES30X0.000000P-10224.MP3
    • D:\MUSA\HETTIMUSIIKKI\VIIKATE - POHJOISTA VILJAA.MP3
    • D:\HETTI\MUSA\EZKIMO FEAT. ESA PAKARINEN - TYT&#65533;T MOI.MP3

    Options
    Scanning engines:
    • F-Secure Libra: 2.4.2, 2007-08-07
    • F-Secure AVP: 7.0.171, 2007-08-08
    • F-Secure Orion: 1.2.37, 2007-08-08
    • F-Secure Blacklight: 1.0.64
    • F-Secure Draco: 1.0.35, 2007-07-23
    • F-Secure Pegasus: 1.19.0, 2007-07-05
    Scanning options:
    • Scan all files
    • Scan inside archives
    • Use Advanced heuristics

     
  10. ernokax

    Here they are; I had to interrupt the F-Secure scan at first, so there are two sets of results.

    Deckard's System Scanner v20070807.62
    Run by Reijo Maukkonen on 2007-08-08 at 14:36:16
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    38: 2007-08-08 11:36:21 UTC - RP718 - Deckard's System Scanner Restore Point
    37: 2007-08-08 11:31:28 UTC - RP717 - Installed Java(TM) 6 Update 2
    36: 2007-08-08 11:25:37 UTC - RP716 - Removed Java(TM) SE Runtime Environment 6 Update 1
    35: 2007-08-08 11:24:30 UTC - RP715 - Removed Java(TM) 6 Update 2
    34: 2007-08-08 11:23:39 UTC - RP714 - Removed Java 2 Runtime Environment, SE v1.4.2_04


    -- First Restore Point --
    1: 2007-07-09 13:42:46 UTC - RP681 - Järjestelmän tarkistuspiste


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Reijo Maukkonen.exe) -------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:37:29, on 8.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Reijo Maukkonen\Työpöytä\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Reijo Maukkonen.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols/beta/fscax.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174149054001
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O24 - Desktop Component 0: (no name) - http://80.81.189.226/00/32/52/70/10952830.jpg

    --
    End of file - 8708 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
    R1 fwdrv (Firewall Driver) - c:\windows\system32\drivers\fwdrv.sys <Not Verified; Sunbelt Software; >
    R1 khips (Kerio HIPS Driver) - c:\windows\system32\drivers\khips.sys <Not Verified; ; HIPS>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S2 PfModNT - c:\windows\system32\drivers\pfmodnt.sys (file missing)
    S3 catchme - c:\docume~1\reijom~1\locals~1\temp\catchme.sys (file missing)
    S3 EPPSCSIx (Agfa EPPSCSI Driver) - c:\windows\system32\drivers\eppscan.sys <Not Verified; EPPSCAN WDM Driver; EPPSCAN Parallel Port Device Driver>
    S3 SOCKFILT.DLL (Outpost Firewall PlugIn (SOCKFILT.DLL)) - c:\progra~1\agnitum\outpos~1.0\kernel\sockfilt.dll (file missing)
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
    R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
    R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description:
    Device ID: ROOT\IMAGE\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\IMAGE\0000
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2007-08-08 14:36:59 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


    -- Files created between 2007-07-08 and 2007-08-08 -----------------------------

    2007-08-06 11:28:25 0 d-------- C:\WINDOWS\ERUNT
    2007-07-30 17:22:15 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
    2007-07-30 13:22:49 0 d-------- C:\Program Files\Trend Micro
    2007-07-30 11:56:08 0 d-------- C:\fsaua.data
    2007-07-23 20:12:37 0 d-------- C:\Program Files\Play65
    2007-07-16 18:27:43 0 d-------- C:\Documents and Settings\Reijo Maukkonen\Application Data\BitTorrent
    2007-07-15 20:44:13 0 d-------- C:\Documents and Settings\Reijo Maukkonen\Application Data\fretsonfire


    -- Find3M Report ---------------------------------------------------------------

    2007-08-08 14:34:24 0 d-------- C:\Documents and Settings\Reijo Maukkonen\Application Data\Skype
    2007-08-08 14:33:58 12346 --a------ C:\WINDOWS\system32\Tablet.dat
    2007-08-08 14:32:00 0 d-------- C:\Program Files\Java
    2007-08-08 14:05:28 0 d-------- C:\Documents and Settings\Reijo Maukkonen\Application Data\ZoomBrowser EX
    2007-08-07 23:43:05 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-24 22:08:21 33664 --a------ C:\Documents and Settings\Reijo Maukkonen\Application Data\GDIPFONTCACHEV1.DAT
    2007-07-11 08:31:52 366790 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-07-11 08:31:52 71114 --a------ C:\WINDOWS\system32\perfc00B.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12.08.2003 21:10]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [03.06.2003 12:54]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [28.04.2007 19:59]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03.11.2006 19:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [23.02.2007 00:31]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 02:12]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.exe.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.exe.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^TabUserW.exe.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\TabUserW.exe.lnk
    backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
    C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    Logi_MwX.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\System32\\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe




    -- End of Deckard's System Scanner: finished at 2007-08-08 at 14:39:15 ---------

    Deckard's System Scanner v20070807.62
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

    CPU 0: AMD Athlon(tm) XP 2600+
    Percentage of Memory in Use: 22%
    Physical Memory (total/avail): 2047.49 MiB / 1581.21 MiB
    Pagefile Memory (total/avail): 3434.23 MiB / 3106.55 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1968.36 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 19.53 GiB total, 5.83 GiB free.
    D: is Fixed (NTFS) - 92.25 GiB total, 75.89 GiB free.
    E: is CDROM (No Media)


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: Kerio Personal Firewall v4.2.3 T (Kerio)
    AV: AVG 7.5.476 v7.5.476 (GRISOFT)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Reijo Maukkonen\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=REIJO-D7G3SWJ7Q
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Reijo Maukkonen
    LOGONSERVER=\\REIJO-D7G3SWJ7Q
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0801
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\REIJOM~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\REIJOM~1\LOCALS~1\Temp
    USERDOMAIN=REIJO-D7G3SWJ7Q
    USERNAME=Reijo Maukkonen
    USERPROFILE=C:\Documents and Settings\Reijo Maukkonen
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Reijo Maukkonen (admin)
    Järjestelmänvalvoja (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99CDAF0C-AF5D-422F-B469-33048A949994}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99CDAF0C-AF5D-422F-B469-33048A949994}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAB2EE2E-EF1F-4410-BA50-C3BFBE651F92}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAB2EE2E-EF1F-4410-BA50-C3BFBE651F92}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Aba Daba 1.31 --> C:\WINDOWS\UnGins.exe "D:\Pelit\abadaba\install.log"
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Illustrator 10 Tryout --> "C:\Program Files\InstallShield Installation Information\{0AC416C3-A600-4A98-B5E1-A629498241DB}\setup.exe"
    Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
    Adobe Reader 6.0.1 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7646-A00000000001}
    Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Ahead InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
    Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
    Ahead NeroMediaPlayer --> C:\WINDOWS\UNNMP.exe /UNINSTALL
    ArcSoft Camera Suite 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
    ArcSoft PhotoBase 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x9 -uninst
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
    Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
    Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
    Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
    Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
    Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
    Canon CanoScan Toolbox 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\CanoScan Toolbox Ver4.0\Uninst.isu" -c"C:\Program Files\Canon\CanoScan Toolbox Ver4.0\uninst.dll"
    Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
    Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
    CANON iMAGE GATEWAY Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
    Canon Internet Library for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
    Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
    Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
    Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
    Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
    Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
    Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
    Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
    CanoScan LiDE20,30 Manual --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}\setup.exe" -l0x9
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    Citrix Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
    Creative Mass Storage Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9 /remove
    Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
    Creative MuVo V200 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{903EC56F-EA7E-4309-B0E6-9F1AE22FCC08}\SETUP.EXE" -l0x9 /remove
    Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Creative Zen Nano Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA63612E-0458-416A-ADCD-B2349194F20F}\SETUP.EXE" -l0x9 /remove
    DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    Downhill PAKOON! 2.Many Unlimited 2009 --> C:\WINDOWS\IsUninst.exe -fd:\pelit\pakoon\Uninst.isu
    Driver Detective --> MsiExec.exe /I{8A27828F-4647-4AC4-B0A6-1C83544E6056}
    EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
    Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    Guitar Guru Version 2.0 --> "C:\Program Files\Musicnotes\GuitarGuru\unins000.exe"
    Guitar Pro 5.0 --> "D:\Guitar Pro\Guitar Pro 5\unins000.exe"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    KCeasy 0.18 --> "C:\Program Files\KCeasy\uninstall.exe"
    Language Pack for Ad-aware 6 --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Lang\LANGUA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Lang\LANGUA~1\INSTALL.LOG
    Language pack for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\Langs\INSTALL.LOG
    Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0xb -l000b UNINSTALL
    Logitech® Camera -ohjain --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
    Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Office XP Media Content --> MsiExec.exe /I{9030040B-6000-11D3-8CFE-0050048383C9}
    Microsoft Office XP Professional --> MsiExec.exe /I{9111040B-6000-11D3-8CFE-0050048383C9}
    Microsoft Works 2000 --> MsiExec.exe /I{FB1BC4E2-766F-11D3-AF55-00C04F443448}
    Moorhuhn 4 Teile --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED1390DC-6910-4C77-97E2-579CAFE82F5B}\Setup.exe" -l0x7
    Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
    Nokia Audio Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791C3198-6FCC-11D5-A624-00104B9B0A85}\setup.exe" -removeall
    OmniPage SE --> MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
    Paint Shop Pro 7 Evaluation --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
    Play65 --> C:\Program Files\Play65\Play65.exe /uninstall
    Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
    Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Sunbelt Kerio Personal Firewall --> MsiExec.exe /X{A990EAA7-8941-4621-BC27-4F16261D3180}
    Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Suomen linnut --> C:\WINDOWS\unin040b.exe -f"C:\Program Files\Suomen linnut\DeIsL2.isu" -cC:\PROGRA~1\SUOMEN~1\_ISREG32.DLL
    Tablet --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D643A9C5-EAAA-4681-8EDE-6B3462F3ACE3} /l1033
    User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
    VBMahjongg --> C:\WINDOWS\uninst.exe -fd:\pelit\mahjongg\DeIsL1.isu -cd:\pelit\mahjongg\_ISREG32.DLL
    VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    Word in Works Suite -apuohjelma --> MsiExec.exe /I{A7F038F2-8D39-11D3-A565-00C04F8923E9}


    -- Application Event Log -------------------------------------------------------

    Event ID #29439: Success
    Event Submitted/Written: 08/08/2007 11:37:51 AM
    Event Source: usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event ID #29429: Error
    Event Submitted/Written: 08/07/2007 11:52:04 PM
    Event Source: Application Hang
    Event Description:
    Lukkiutunut sovellus explorer.exe, versio 6.0.2900.2180, lukkiutumismoduuli hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

    Event ID #29412: Warning
    Event Submitted/Written: 08/07/2007 07:11:12 PM
    Event Source: Userenv
    Event Description:
    Windows tallensi käyttäjän REIJO-D7G3SWJ7Q\Reijo Maukkonen rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


    Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

    Event ID #29407: Success
    Event Submitted/Written: 08/07/2007 02:23:27 PM
    Event Source: usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event ID #29363: Success
    Event Submitted/Written: 08/06/2007 10:57:08 PM
    Event Source: usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event ID #39699: Warning
    Event Submitted/Written: 08/08/2007 02:37:43 PM
    Event Source: WinDefend
    Event Description:
    %REIJO-D7G3SWJ7Q27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REIJO-D7G3SWJ7Q27 can't undo changes that you allow.

    For more information please see the following:
    %REIJO-D7G3SWJ7Q275

    Scan ID: {72D1D3B2-8107-44B5-AF70-8BC59E7DDDAA}

    User: REIJO-D7G3SWJ7Q\Reijo Maukkonen

    Name: %REIJO-D7G3SWJ7Q271

    ID: %REIJO-D7G3SWJ7Q272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REIJO-D7G3SWJ7Q276

    Alert Type: %REIJO-D7G3SWJ7Q278

    Detection Type: 1.1.1593.02

    Event ID #39698: Warning
    Event Submitted/Written: 08/08/2007 02:37:43 PM
    Event Source: WinDefend
    Event Description:
    %REIJO-D7G3SWJ7Q27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REIJO-D7G3SWJ7Q27 can't undo changes that you allow.

    For more information please see the following:
    %REIJO-D7G3SWJ7Q275

    Scan ID: {5C06B3EC-4F81-434B-B6BB-BDB520D2D22D}

    User: REIJO-D7G3SWJ7Q\Reijo Maukkonen

    Name: %REIJO-D7G3SWJ7Q271

    ID: %REIJO-D7G3SWJ7Q272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REIJO-D7G3SWJ7Q276

    Alert Type: %REIJO-D7G3SWJ7Q278

    Detection Type: 1.1.1593.02

    Event ID #39697: Warning
    Event Submitted/Written: 08/08/2007 02:37:43 PM
    Event Source: WinDefend
    Event Description:
    %REIJO-D7G3SWJ7Q27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REIJO-D7G3SWJ7Q27 can't undo changes that you allow.

    For more information please see the following:
    %REIJO-D7G3SWJ7Q275

    Scan ID: {86D50E5B-CEF9-4C23-A8B8-7DA4788B3C50}

    User: REIJO-D7G3SWJ7Q\Reijo Maukkonen

    Name: %REIJO-D7G3SWJ7Q271

    ID: %REIJO-D7G3SWJ7Q272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REIJO-D7G3SWJ7Q276

    Alert Type: %REIJO-D7G3SWJ7Q278

    Detection Type: 1.1.1593.02

    Event ID #39696: Warning
    Event Submitted/Written: 08/08/2007 02:37:40 PM
    Event Source: WinDefend
    Event Description:
    %REIJO-D7G3SWJ7Q27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REIJO-D7G3SWJ7Q27 can't undo changes that you allow.

    For more information please see the following:
    %REIJO-D7G3SWJ7Q275

    Scan ID: {5F8EC51B-B4F6-4C0F-A3B5-5D73DCF2A148}

    User: REIJO-D7G3SWJ7Q\Reijo Maukkonen

    Name: %REIJO-D7G3SWJ7Q271

    ID: %REIJO-D7G3SWJ7Q272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REIJO-D7G3SWJ7Q276

    Alert Type: %REIJO-D7G3SWJ7Q278

    Detection Type: 1.1.1593.02

    Event ID #39695: Warning
    Event Submitted/Written: 08/08/2007 02:37:40 PM
    Event Source: WinDefend
    Event Description:
    %REIJO-D7G3SWJ7Q27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %REIJO-D7G3SWJ7Q27 can't undo changes that you allow.

    For more information please see the following:
    %REIJO-D7G3SWJ7Q275

    Scan ID: {CB45C112-C638-4EB5-8358-07D6A25C579C}

    User: REIJO-D7G3SWJ7Q\Reijo Maukkonen

    Name: %REIJO-D7G3SWJ7Q271

    ID: %REIJO-D7G3SWJ7Q272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %REIJO-D7G3SWJ7Q276

    Alert Type: %REIJO-D7G3SWJ7Q278

    Detection Type: 1.1.1593.02



    -- End of Deckard's System Scanner: finished at 2007-08-08 at 14:39:15 ---------

    Scanning Report
    Monday, August 06, 2007 21:38:11 - 22:45:39
    Computer name: REIJO-D7G3SWJ7Q
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\

    Result: 12 malware found
    Tracking Cookie (spyware)
    • System (Disinfected)
    • System
    • System
    • System
    • System
    • System
    • System
    • System
    • System
    • System
    • System
    • System

    Statistics
    Scanned:
    • Files: 206033
    • System: 4302
    • Not scanned: 10
    Actions:
    • Disinfected: 1
    • Renamed: 0
    • Deleted: 0
    • None: 11
    • Submitted: 0
    Files not scanned:
    • C:\PAGEFILE.SYS
    • C:\WINDOWS\SYSTEM32\BIOS1.ROM
    • C:\WINDOWS\SYSTEM32\DRIVERS\STMP3REC.SYS
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    • C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    • C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    • C:\WINDOWS\INF\OEM33.INF

    Options
    Scanning engines:
    • F-Secure AVP: 7.0.171, 2007-08-06
    • F-Secure Blacklight: 1.0.64
    • F-Secure Draco: 1.0.35, 0260-23-12
    • F-Secure Libra: 2.4.2, 2007-08-04
    • F-Secure Orion: 1.2.37, 2007-08-06
    • F-Secure Pegasus: 1.19.0, 2007-07-01
    Scanning options:
    • Scan all files
    • Scan inside archives
    • Use Advanced heuristics
    Result: 0 malware found

    Statistics
    Scanned:
    • Files: 419402
    • System: 4362
    • Not scanned: 49
    Actions:
    • Disinfected: 0
    • Renamed: 0
    • Deleted: 0
    • None: 0
    • Submitted: 0
    Files not scanned:

    Options
    Scanning engines:
    • F-Secure Libra: 2.4.2, 2007-08-07
    • F-Secure AVP: 7.0.171, 2007-08-08
    • F-Secure Orion: 1.2.37, 2007-08-08
    • F-Secure Blacklight: 1.0.64
    • F-Secure Draco: 1.0.35, 2007-07-23
    • F-Secure Pegasus: 1.19.0, 2007-07-05
    Scanning options:
    • Scan all files
    • Scan inside archives
    • Use Advanced heuristics

     
  11. Auttaja

    Auttaja Guest

    Hi, are there any problems with the desktop wallpaper? If not, then..

    ======

    Stay clean

    -> Clear System Restore -> Instructions
    Clear the System Restore folder and create a new restore point. This cleans possible malware remnants out of the restore folder.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Clean temporary files and folders with the program regularly.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing on your computer. Uses no memory!
    Guide available in Finnish! The guide by user Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your computer's connections to malicious sites.
    Guide available in Finnish! The guide by user Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your computer with it regularly.
    and escan is good too: http://koti.mbnet.fi/pattaya1/escanmwav.htm

    -> Keep your software up to date. -> Secunia Software Inspector
    Secunia Software Inspector examines your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.

    -> Regularly follow the Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI

    If you run into problems with malware in the future, do not hesitate to post a HijackThis log to be checked!
     
  12. ernokax

    ernokax Member

    THANK YOU very much for your help and instructions in this matter.
     
