
HJT log for review

Thread in the Viruses and malware - HijackThis logs section. Started by Okkocha on 06.08.2007.

  1. Okkocha

    Okkocha Member

    Joined: 06.08.2007
    Posts: 14
    Thanks: 0
    Points: 11

    avast keeps throwing virus warnings so fast that I can't close the windows as quickly as they appear. The title is "Suspicious message!" and the text reads "Too many identical messages within the defined time". Spybot, Ad-aware and avast's virus scan have not helped. I need help quickly. Here is the HJT log...

    Logfile of HijackThis v1.99.1
    Scan saved at 19:51:21, on 6.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Sony kamera\Picture Package Menu\SonyTray.exe
    D:\Sony kamera\Picture Package Applications\Residence.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Omistaja\LOCALS~1\Temp\winlogon.exe
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     
  3. Hujo

    Hujo Guest

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode and choose your normal user account:
    - Start the computer
    - When you hear the computer beep, press F8, but before the Windows logo appears
    - A menu should appear next
    - Choose Safe Mode from the menu.

    - Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    - Open the SDFix folder and double-click RunThis.bat to start the program.
    - Press Y to start the script.
    - The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    - Press any key and the computer restarts.
    - Startup takes longer than usual because SDFix is cleaning the machine.
    - Once the computer has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
    - Then press any key to close the script and load the desktop shortcuts.
    - Finally open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread together with a new HijackThis log.
     
  4. Okkocha

    A small problem along the way: when I try to get into Safe Mode I get the options Maxtor 6Y120L0, HL-DT-ST RW/DVD, 1st Floppy drive and network card. There is no Safe Mode option, so could it be one of those?
     
  5. Hujo

    Hujo Guest

    Try tapping F5 instead of F8.
     
  6. Okkocha

    With F5 nothing happens. F8 at least opens the menu with the options I mentioned above. Could Safe Mode be one of them? What should I do now... this got difficult.
     
  7. Hujo

    Hujo Guest

    Then try this:

    Start > Run, type msconfig > OK

    A window opens

    Click the BOOT.INI tab
    Tick the /SAFEBOOT box
    Apply and Close

    Click the Restart button

    Once the given tasks have been completed:

    Start > Run, type msconfig > OK

    A window opens

    Select > Normal Startup - load all device drivers and services

    Apply and Close

    Click the Restart button
     
  8. Okkocha

    OK, now it works. Here is the SDFix report


    SDFix: Version 1.96

    Run by Omistaja on ma 06.08.2007 at 22:42

    Microsoft Windows XP [versio 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    SysLibrary

    ImagePath:
    \??\C:\WINDOWS\system32\DefLib.sys

    SysLibrary - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Documents and Settings\Omistaja\new.txt - Deleted
    C:\DOCUME~1\Omistaja\LOCALS~1\Temp\winlogon.exe - Deleted
    C:\WINDOWS\system32\DefLib.sys - Deleted
    C:\WINDOWS\system32\libcintles3.dll - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger"
    "D:\\pelej„\\Freeciv\\Freeciv-gtk2-2.0.7\\civserver.exe"="D:\\pelej„\\Freeciv\\Freeciv-gtk2-2.0.7\\civserver.exe:*:Disabled:civserver"
    "C:\\Documents and Settings\\Omistaja\\Omat tiedostot\\Okko\\ESBC pokeri\\jre\\bin\\javaw.exe"="C:\\Documents and Settings\\Omistaja\\Omat tiedostot\\Okko\\ESBC pokeri\\jre\\bin\\javaw.exe:*:Disabled:javaw"
    "C:\\Program Files\\B2BPOKER\\ESBC pokeri\\jre\\bin\\javaw.exe"="C:\\Program Files\\B2BPOKER\\ESBC pokeri\\jre\\bin\\javaw.exe:*:Disabled:javaw"
    "C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"="C:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe:*:Enabled:Kernel Executable"
    "C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Disabled:Resurssienhallinta"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\WINDOWS\system32\Tools\All.exe
    C:\WINDOWS\system32\Tools\Change.exe
    C:\WINDOWS\system32\Tools\CheckPath.exe
    C:\WINDOWS\system32\Tools\Counter.exe
    C:\WINDOWS\system32\Tools\DelFolders.exe
    C:\WINDOWS\system32\Tools\DirectSetup.exe
    C:\WINDOWS\system32\Tools\RegClean.exe
    C:\WINDOWS\system32\Tools\Regexe.exe
    C:\WINDOWS\system32\Tools\Restart.exe
    C:\WINDOWS\system32\Tools\RunRegexe.exe
    C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

    Finished

    ...and the HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 22:56:19, on 6.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\Sony kamera\Picture Package Menu\SonyTray.exe
    D:\Sony kamera\Picture Package Applications\Residence.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
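
Added example, not part of the original thread: a Python sketch that parses the O4 autorun lines of the two HijackThis logs above, flags entries that run from a Temp directory or carry a Windows system process name outside the Windows directories, and lists what disappeared after the SDFix run. The function names, the rule set and the assumption that Windows is installed in C:\WINDOWS are this example's own; the sample lines are excerpts copied from the thread's logs.

```python
import ntpath
import re

# Excerpts copied from the thread's two HijackThis logs (before and after SDFix).
BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Omistaja\LOCALS~1\Temp\winlogon.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RUN = re.compile(r"^\s*O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+?)\s*$", re.M)
# The image is either the quoted part or everything up to the first executable extension.
IMAGE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|com|bat|scr|pif))(?=\s|$)', re.I)

# Assumption of this example: names worth checking and where they legitimately live.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe",
                "smss.exe", "csrss.exe", "explorer.exe", "spoolsv.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def image_path(command):
    """Return the executable part of an autorun command line."""
    m = IMAGE.match(command)
    return (m.group(1) or m.group(2)) if m else command


def parse_o4(log):
    """Extract registry Run entries (O4 lines) from a HijackThis log."""
    return [{"hive": hive, "key": key, "name": name, "image": image_path(cmd)}
            for hive, key, name, cmd in O4_RUN.findall(log)]


def flag_suspicious(entries):
    """Return (name, image, reasons) for entries matching the two rules."""
    findings = []
    for entry in entries:
        path = entry["image"].lower()
        folder, base = ntpath.dirname(path), ntpath.basename(path)
        reasons = []
        if "\\temp\\" in path:
            reasons.append("runs from a Temp directory")
        # Bare names such as "Rundll32.exe" have no folder and are not judged here.
        if base in SYSTEM_NAMES and folder and folder not in SYSTEM_DIRS:
            reasons.append("system process name outside the Windows directories")
        if reasons:
            findings.append((entry["name"], entry["image"], reasons))
    return findings


def removed_between(before, after):
    """Autorun entries present in the first log but gone from the second."""
    def ident(entry):
        return (entry["hive"], entry["name"], entry["image"].lower())
    kept = {ident(e) for e in parse_o4(after)}
    return [e for e in parse_o4(before) if ident(e) not in kept]


if __name__ == "__main__":
    for name, image, reasons in flag_suspicious(parse_o4(BEFORE)):
        print(f"[{name}] {image}: {'; '.join(reasons)}")
    for entry in removed_between(BEFORE, AFTER):
        print("removed after cleanup:", entry["hive"], entry["name"], entry["image"])
```
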




     
  9. Hujo

    Hujo Guest

    Run this:

    1. Download the removal tool from here and save it to your desktop: http://sosvirus.changelog.fr/MSNFix.zip
    2. Extract it into an MSNFix folder
    3. Open the folder and run MSNFix.bat
    4. Choose your language from the list shown in the window by typing one of the letters and pressing ENTER. E = English
    5. Next type the letter R and press ENTER to start the virus scan.
    6. After that press ENTER again to delete the files the tool found.

    Post that log here too

    Last edited by a moderator: 06.08.2007
  10. Okkocha

    and here is the log...

    MSN_Fix 1.456

    C:\Documents and Settings\Omistaja\Ty”p”yt„\MSNFix\MSNFix
    Scan done at ma 06.08.2007 - 23:06:40,76 By Omistaja
    normal mode

    ************************ Checking Files

    ... C:\??.tmp
    ... C:\???.tmp
    ... C:\WINDOWS\SiSport.sys

    ************************ Checking Folders

    ... C:\Temp\




    ************************ Deleting malware Files

    .. OK ... C:\??.tmp
    .. OK ... C:\???.tmp
    .. OK ... C:\WINDOWS\SiSport.sys


    ************************ Deleting malware Folders

    .. OK ... C:\Temp\


    ************************ Registry Cleaning



    ************************ Suspect Files

    No files found


    The File and Registry deletions have been saved in ma 06.08.2007_23073406.zip


    ------------------------------------------------------------------------
    Author : !aur3n7 Contact: http://www.changelog.fr
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------

     
  11. Hujo

    Hujo Guest

    Scan your computer with Kaspersky Online Scanner

    - When the program starts, you are asked whether to allow an ActiveX component from Kaspersky to be installed; click Yes.
    - The program starts and begins downloading the latest signature files.
    - Once the scanner is installed and the signatures are downloaded, click Next.
    - Now click the settings, Scan Settings
    - Check in the settings that the following are selected:
      o Scan using the following Anti-Virus database:
        + Extended (if available, otherwise choose Standard)
      o Scan Options:
        + Scan Archives
        + Scan Mail Bases
    - Click OK
    - Now, under the heading "select a target to scan", choose My Computer
    - The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
    - Now click the Save as Text button.
    - Save the file to your desktop.
    - If you want to continue handling the matter on the forum, copy the contents of the file into your post.
     
  12. Okkocha

    Many thanks for the help! I'll get back to this if Kaspersky still finds something suspicious. The problems at least seem to be gone, thanks for that.
     
  13. Hujo

    Hujo Guest

    This will also make startup easier

    Start > Run, type msconfig > OK
    Startup tab

    Untick the boxes in front of the following

    SiSUSBrg
    LogiTray
    SSBkgdupdate
    pptd40nt
    IndexSearch
    BrStDvPt
    brctrcen
    QTTask
    jusched
    ManifestEngine

    Apply and OK
    Restart the computer, tick the small box and only then press OK
     
  14. Okkocha

    Thanks for these instructions too!
     
  15. Okkocha

    Here are some more problems that Kaspersky found. I would appreciate instructions for removing these as well.

    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, August 07, 2007 10:19:28 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 6/08/2007
    Kaspersky Anti-Virus database records: 376190


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan Statistics
    Total number of scanned objects 61522
    Number of viruses found 8
    Number of infected objects 17 / 0
    Number of suspicious objects 4
    Duration of the scan process 01:38:00

    Infected Object Name Virus Name Last Action

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2695126596ed95c177c7f295208447b1_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26bb9c63a5f6fe07da6d1ba8b420d0b4_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2a0869b61bd46d1735b2bc57aac6da56_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2ee2463cfafe694990b6d6ea1f96a761_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f13b05f645abb044680148f9167ed12_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\308555ca1289336c998a28cb0ed41614_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3193dcd7a1f224147d50cf775813d68f_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\32d4767117c07e43e9ecb7d98c31c160_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\34441535a19ea83980f8bcd67fc1fb16_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\376fb027380e003dc877bb0cec5a65c9_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3b87cf2fd74fbeb609cc45fc881a29ef_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d311dc2c5fa9cc286dd4352b643c7e7_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3fd810675f82de7a8cc041bd27f46e5a_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\404e747cdf40daf9fbcaa90c4da83552_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\41a348dd6e8bba0012b3ec22c7680fbf_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4260798529b71b99ac89a4a13f973149_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\42c7a83d26b34d4450b84941b3f5c6a6_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44b3715f23e47eeeeae65ad5d32341a6_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\45a3498cf8f735eb3d7ec5555f4340e5_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\47e80e6c3e5275aac910e467acd5b3ae_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\49f46ee31e5bf84d7a185d7553587c91_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4acefc5159f9fa7ba1629d00cb7625e8_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4bcb95b919370998f058734ebc4b6d7d_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4cbd2f0b34b9802a9efa7e8ddbfbec08_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5174dac5cf8d2c199afa331d3a40b3b8_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\521e86c8b0e45ab88cd6214d90ebdd01_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5790bfc8581e8f54d4d30b8a555aa96e_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5827993d44a773e2e41662eb4691d1bc_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\594d961cd5eb1bb6c1e6e1705d0ba5f6_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a633ae2330850093433e9328a0cff82_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5e9f1415c85e39fcd169e3b16c02a2de_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f77ce599fee0992c874ccb163724bc1_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\64f3043b0b7306b233605893a0a8b675_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\67f9825c17b50b0ac3f2d09bd56768fc_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\69890e7693b1325eb5a3f911056538c9_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c240e7ed672991677f3dcf3272d41af_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e388389b79698c651c7890d38bdd583_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6fa76d9a525755b85504f521c81f262f_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\715eea86fb68e767baec01f2f7cc401c_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\72060d4edbb873ae6a690e702a20b20f_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76c7bb4e0cbc711b77500d15d68cb247_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76d74386e0e3fe7cb286419504e9441b_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d20d3ce1e3ef0a6e12ca47ba324e1ca_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7fe924d3e7b238498cbec8ac4f0ab5f2_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7feffb2a9697bbbf68025afaa2472a49_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80f7a75a04fc4807ef09728774dbed7f_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\83ae0ded80e9f0b3a6996959540fd623_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\83c0eafb214bc06cfdf89f19037a7cfe_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\83c8f0e5871f317893c1c89de272dc2c_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\842d342a8a51f991047880345e5d09ed_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8473a3ed360d7b33c18d5863107a1587_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8679355b68f88c05b2fbc6ae1257a63f_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\888899d151c9dfe6683149d441933b8a_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8f6407f0919c7e36eb404cdd7a10b00f_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\90321235858f4f8bf1557382ceae7e1d_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\932768edeae92588b5ba03b7caeb81ea_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94ca08eeeee2a58cf4bb0c5b4a779f4b_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\976175f5605f588dd2bd6afab0161fac_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\988f96be0611bd39b20b40ca6bb41d8c_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ac4cc1e74b0ed8a0f8a32ddb24173fe_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ee7d71607fbc5ba4e0e8fc89b2ca727_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1766b6b3d935f347416c800c27cff6a_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a49943739df2f6408d14eca684c176af_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a633ca1fd62bfdbd0f385f52034b2930_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a9bc5d692f20d1c16c7052cbeb4ec415_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa938ec190122a8e120ade8ee2dfa489_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\adc99cd92378c50ab102281afd8eb4a4_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae4dbd1e390bf9d0cff1a43ba65b04ea_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\af2f6a97eb6edb8d43273752daa45e56_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b07f7592e8dcc777ad27778cd59628af_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b2a2e4e7abfca77403e92b415066cf82_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b5505aa13d0a380e0c52aadb8f5f546c_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b5a6d05d0cfd37577e91eaedfc8d3763_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b6738b25a34b8816e7575c92ab375a1c_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b72c7c4ed43177b8adf027cc319b6c95_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b7bc8664360e1f248141212ad7533306_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9b3a466c28570a307eaa645b93452c6_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd6f724d55eb9f020e392d6f4ab2f874_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3dd70c7f7a55eec9cfa05daa7a31b44_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c432d523d57cd2f410cce67bf1f4ab2b_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c4a76bdc6df0f2cd6330922768de7a4c_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c5f9b16c20e4d1cc4fde01c0d4a47c69_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c646950db403ad9c4b5b96fa0f3968f4_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c7bb5255280666bfc023b56985aad44e_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb1b08a635454009b817cc95c657cca1_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd19cc075a39913a65a5561c06663f22_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cd2ce3ccc75539d67ffa8d0b64a92c68_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d0897a6eced61ab1a318c516754a099b_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d67ed838d7ca90eca58327f816187e22_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d8e27980ed47987613d771383f30665c_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d90ea8be8d77df6f4dd4349d832ecd30_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9cf5572e560891bdcd30888b72a65d2_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dac48481f53cefc0b2e05992f98c3b93_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd0f74195a558d0a7fc633dbac7b3f41_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd44684b4b430a8eb8bfbdda63614e49_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e9822e6665a1bde0bc75feb049f5e631_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eb996039c3a028966f471ba061f49e19_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ec78c6678b266d5cb8dc0b30c5be20e5_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed2e07f2c34ea83382d58e897235ed59_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f67358aa0e813db51e710208501d4a76_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fccb4c5e5b886d5ddfbb86c26ef9b1c6_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fddb8c96dbbb0f2523cab497220dc157_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe0a8a06d9d55f869716d7af7b3c2650_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fec74aba04f34669368110b1c9afa2bc_eb4ad4e0-1ae6-4797-b7a1-e669568b30eb Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01022007-152402.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip/backWeb-8876480.exe Suspicious: Password-protected-EXE skipped

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip ZIP: suspicious - 1 skipped

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoAXObject.zip/uninst.exe Suspicious: Password-protected-EXE skipped

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoAXObject.zip ZIP: suspicious - 1 skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\929tybla.default\cert8.db Object is locked skipped

    C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\929tybla.default\history.dat Object is locked skipped

    C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\929tybla.default\key3.db Object is locked skipped

    C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\929tybla.default\parent.lock Object is locked skipped

    C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\929tybla.default\search.sqlite Object is locked skipped

    C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\929tybla.default\urlclassifier2.sqlite Object is locked skipped

    C:\Documents and Settings\Omistaja\Application Data\Sun\Java\Deployment\cache\6.0\0\7d5e6700-4fbc9f4d Infected: Trojan-Downloader.Java.OpenStream.y skipped

    C:\Documents and Settings\Omistaja\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-36d0e9c1-212ce1cd.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

    C:\Documents and Settings\Omistaja\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Omistaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Omistaja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Omistaja\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9AEF4704-8AF2-45E8-B7F9-0A5E305AABC9} Object is locked skipped

    C:\Documents and Settings\Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\929tybla.default\Cache\_CACHE_001_ Object is locked skipped

    C:\Documents and Settings\Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\929tybla.default\Cache\_CACHE_002_ Object is locked skipped

    C:\Documents and Settings\Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\929tybla.default\Cache\_CACHE_003_ Object is locked skipped

    C:\Documents and Settings\Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\929tybla.default\Cache\_CACHE_MAP_ Object is locked skipped

    C:\Documents and Settings\Omistaja\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Omistaja\Local Settings\Temp\~DF7B75.tmp Object is locked skipped

    C:\Documents and Settings\Omistaja\Local Settings\Temp\~DFD70.tmp Object is locked skipped

    C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\Y5F81O3U\503[1].exe Infected: Trojan-Proxy.Win32.Small.du skipped

    C:\Documents and Settings\Omistaja\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Omistaja\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\report\Taustasuojaus.txt Object is locked skipped

    C:\SDFix\backups\backups.zip/backups/DefLib.sys Infected: Trojan.Win32.Agent.asu skipped

    C:\SDFix\backups\backups.zip/backups/libcintles3.dll Infected: Backdoor.Win32.IRCBot.acd skipped

    C:\SDFix\backups\backups.zip/backups/winlogon.exe Infected: Trojan-Proxy.Win32.Small.du skipped

    C:\SDFix\backups\backups.zip ZIP: infected - 3 skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{378C651D-DE27-4FB9-B050-277C9B6AF77C}\RP882\A0097128.sys Infected: Trojan.Win32.Agent.asu skipped

    C:\System Volume Information\_restore{378C651D-DE27-4FB9-B050-277C9B6AF77C}\RP882\A0097129.dll Infected: Backdoor.Win32.IRCBot.acd skipped

    C:\System Volume Information\_restore{378C651D-DE27-4FB9-B050-277C9B6AF77C}\RP882\A0097144.sys Infected: Trojan.Win32.Agent.asu skipped

    C:\System Volume Information\_restore{378C651D-DE27-4FB9-B050-277C9B6AF77C}\RP882\A0097145.dll Infected: Backdoor.Win32.IRCBot.acd skipped

    C:\System Volume Information\_restore{378C651D-DE27-4FB9-B050-277C9B6AF77C}\RP882\A0097146.exe Infected: Trojan-Proxy.Win32.Small.du skipped

    C:\System Volume Information\_restore{378C651D-DE27-4FB9-B050-277C9B6AF77C}\RP882\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\Temp\Perflib_Perfdata_4f4.dat Object is locked skipped

    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    E:\AT91työasemat\Etäyhteydet ja tiedonsiirto\Etäyhteys\VNC\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped

    E:\AT91työasemat\Etäyhteydet ja tiedonsiirto\Etäyhteys\VNC\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped

    E:\AT91työasemat\Etäyhteydet ja tiedonsiirto\Etäyhteys\VNC\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped

    E:\AT91työasemat\Etäyhteydet ja tiedonsiirto\Etäyhteys\VNC\tightvnc-1.3dev6-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 skipped

    E:\AT91työasemat\Etäyhteydet ja tiedonsiirto\Etäyhteys\VNC\tightvnc-1.3dev6-setup.exe Inno: infected - 1 skipped

    Scan process completed.
     
  16. Auttaja

    Auttaja Guest

    Download ATF Cleaner
    http://www.atribune.org/ccount/click.php?id=1

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click Empty Selected.
    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click Empty Selected.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click Empty Selected again.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)

    ========

    -> Clear System Restore: Instructions
    Empty the System Restore folder and create a new restore point. This cleans any malware remnants out of the restore folder.

    ========

    If you use only Windows' own firewall, it is not sufficient protection. Download, for example, one of these three firewalls to your computer and install it. Then also disable the Windows firewall. These 3 are fairly popular, free firewalls:

    Comodo
    Kerio
    Zonealarm

    ========

    Download Deckard's System Scanner to your Desktop.

    Note: You must have Administrator rights to run the program.

    - Close all open windows and programs.
    - Double-click the Dss.exe file to run the program, and follow the instructions.
    - When the scan is finished, 2 text files should open: Main.txt and extra.txt
    - Press Copy (CTRL+A -> CTRL+C) and Paste (CTRL+V)
    - Copy and paste the contents of Extra.txt & Main.txt into your next reply.
     
  17. Okkocha

    Okkocha Member

    I checked the System Restore thing with F-Secure's online scanner, but nothing was found. Here are the Deckard's System Scanner reports now.

    Deckard's System Scanner v20070804.61
    Run by Omistaja on 2007-08-08 at 00:34:20
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 2 Restore Point(s) --
    2: 2007-08-07 21:34:25 UTC - RP2 - Deckard's System Scanner Restore Point
    1: 2007-08-07 21:12:34 UTC - RP1 - Järjestelmän tarkistuspiste


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 480 MiB (512 MiB recommended).


    -- HijackThis (run as Omistaja.exe) --------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 0:35:22, on 8.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    D:\Sony kamera\Picture Package Menu\SonyTray.exe
    D:\Sony kamera\Picture Package Applications\Residence.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Omistaja\Työpöytä\dss.exe
    C:\HIJACK~1\Omistaja.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Diskeeper - "c:\program files\executive software\diskeeperlite\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper (TM) Disk Defragmenter>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-08-08 00:30:19 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2007-08-07 23:43:25 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-07-08 and 2007-08-08 -----------------------------

    2007-08-08 00:27:13 0 d-------- C:\Documents and Settings\Omistaja\Application Data\Comodo
    2007-08-08 00:27:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
    2007-08-08 00:24:55 0 d-------- C:\Program Files\Comodo
    2007-08-07 21:14:22 50688 --a------ C:\Program Files\ATF-Cleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
    2007-08-06 23:33:41 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-08-06 22:41:27 0 d-------- C:\WINDOWS\ERUNT
    2007-08-06 22:36:13 0 d-------- C:\WINDOWS\pss
    2007-08-06 21:41:02 0 d-------- C:\Documents and Settings\Omistaja\Ty÷p÷ytõ
    2007-08-06 19:43:13 0 d-------- C:\Hijackthis
    2007-08-06 19:37:54 488144 --a------ C:\HJTsetup.exe <Not Verified; Soeperman Enterprises Ltd; >
    2007-08-06 17:04:18 0 d-------- C:\Program Files\Common Files\Java
    2007-07-30 14:16:53 5548 --a------ C:\Documents and Settings\Omistaja\pxsheu.exe
    2007-07-30 14:10:16 5548 --a------ C:\Documents and Settings\Omistaja\djnurk.exe
    2007-07-30 14:03:33 5548 --a------ C:\Documents and Settings\Omistaja\yflmsn.exe
    2007-07-30 13:57:01 5548 --a------ C:\Documents and Settings\Omistaja\nnlbpb.exe
    2007-07-30 13:50:14 5547 --a------ C:\Documents and Settings\Omistaja\icjure.exe
    2007-07-30 13:43:34 5548 --a------ C:\Documents and Settings\Omistaja\oqzaiu.exe
    2007-07-30 13:36:53 5548 --a------ C:\Documents and Settings\Omistaja\jgktom.exe
    2007-07-30 13:30:13 5548 --a------ C:\Documents and Settings\Omistaja\htjayo.exe
    2007-07-30 13:23:33 5548 --a------ C:\Documents and Settings\Omistaja\djwgqn.exe
    2007-07-30 13:16:54 5548 --a------ C:\Documents and Settings\Omistaja\tpaxau.exe
    2007-07-30 13:10:35 5548 --a------ C:\Documents and Settings\Omistaja\ezqmhd.exe
    2007-07-30 13:03:33 5548 --a------ C:\Documents and Settings\Omistaja\cbtzse.exe
    2007-07-30 12:57:01 5547 --a------ C:\Documents and Settings\Omistaja\ndpuzf.exe
    2007-07-30 12:50:13 5548 --a------ C:\Documents and Settings\Omistaja\rgacsl.exe
    2007-07-30 12:43:34 5548 --a------ C:\Documents and Settings\Omistaja\pronar.exe
    2007-07-30 12:37:06 5548 --a------ C:\Documents and Settings\Omistaja\kkxcob.exe
    2007-07-30 12:30:13 5548 --a------ C:\Documents and Settings\Omistaja\gkpreo.exe
    2007-07-30 12:23:43 5548 --a------ C:\Documents and Settings\Omistaja\rtxfuc.exe
    2007-07-30 12:16:51 5548 --a------ C:\Documents and Settings\Omistaja\npgrtm.exe
    2007-07-30 12:10:15 5548 --a------ C:\Documents and Settings\Omistaja\uzgiku.exe
    2007-07-30 12:03:32 5548 --a------ C:\Documents and Settings\Omistaja\ywuqyr.exe
    2007-07-30 11:57:03 5548 --a------ C:\Documents and Settings\Omistaja\jykkuc.exe
    2007-07-30 11:50:11 5548 --a------ C:\Documents and Settings\Omistaja\mxning.exe
    2007-07-30 11:43:35 5548 --a------ C:\Documents and Settings\Omistaja\stbwjj.exe
    2007-07-30 11:36:49 5548 --a------ C:\Documents and Settings\Omistaja\yhpxuf.exe
    2007-07-30 11:30:10 5548 --a------ C:\Documents and Settings\Omistaja\zvwavy.exe
    2007-07-30 11:23:51 5548 --a------ C:\Documents and Settings\Omistaja\ukibbq.exe
    2007-07-30 11:16:49 5548 --a------ C:\Documents and Settings\Omistaja\aqfasg.exe
    2007-07-30 11:10:16 5548 --a------ C:\Documents and Settings\Omistaja\ygrfzl.exe
    2007-07-28 18:15:53 0 d-------- C:\Program Files\Common Files\Apple
    2007-07-28 18:15:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-08-08 00:27:45 0 d-------- C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
    2007-08-07 16:47:17 0 d-------- C:\Program Files\Unibet
    2007-08-07 16:26:45 0 d-------- C:\Documents and Settings\Omistaja\Application Data\Microgaming
    2007-08-06 17:05:03 0 d-------- C:\Program Files\Java
    2007-08-06 17:04:18 0 d-------- C:\Program Files\Common Files
    2007-07-28 18:59:31 0 d-------- C:\Program Files\iTunes
    2007-07-28 18:58:43 0 d-------- C:\Program Files\iPod
    2007-07-28 18:53:16 0 d-------- C:\Program Files\QuickTime
    2007-07-28 18:22:27 0 d-------- C:\Program Files\Apple Software Update
    2007-07-16 14:19:49 0 d-------- C:\Documents and Settings\Omistaja\Application Data\Skype
    2007-06-14 20:57:14 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-06-11 12:53:46 65 --a------ C:\WINDOWS\system32\BD7420.dat
    2007-06-11 12:52:53 0 d-------- C:\Program Files\Brother
    2007-06-11 12:51:54 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-06-11 12:51:33 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-06-11 12:40:10 0 --a------ C:\WINDOWS\system32\Biport
    2007-05-22 19:34:53 4960 --a----c- C:\WINDOWS\mozver.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [02.09.2004 08:47 C:\WINDOWS\system32\SiSPower.dll]
    "Cmaudio"="cmicnfg.cpl" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [28.07.2007 01:03]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [21.05.2004 19:11]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [01.06.2004 11:09]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03.11.2006 19:20]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10.07.2007 09:18]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [08.08.2007 00:24]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 15:00]
    "LDM"="\Program\BackWeb-8876480.exe" []

    C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2.12.2006 0:32:46]

    C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.9.2005 23:05:26]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [26.5.2005 19:02:26]
    Picture Package Menu.lnk - D:\Sony kamera\Picture Package Menu\SonyTray.exe [26.7.2006 12:47:57]
    Picture Package VCD Maker.lnk - D:\Sony kamera\Picture Package Applications\Residence.exe [26.7.2006 12:47:52]
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [8.3.2005 17:16:47]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{716002db-288c-4bf0-80cd-a467e78d8b55}"= C:\WINDOWS\system32\dxovx.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
    C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
    C:\WINDOWS\SiSUSBrg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    *Newly Created Service* - CMDAGENT
    *Newly Created Service* - CMDMON
    *Newly Created Service* - INSPECT



    -- End of Deckard's System Scanner: finished at 2007-08-08 at 00:37:57 ---------




    Deckard's System Scanner v20070804.61
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

    CPU 0: AMD Athlon(tm) MP
    Percentage of Memory in Use: 67%
    Physical Memory (total/avail): 479.36 MiB / 154.41 MiB
    Pagefile Memory (total/avail): 1074.02 MiB / 812.54 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1968.07 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 24.41 GiB total, 15.71 GiB free.
    D: is Fixed (NTFS) - 87.89 GiB total, 41.72 GiB free.
    E: is Fixed (FAT32) - 2.18 GiB total, 1.51 GiB free.
    F: is CDROM (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is Removable (No Media)


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    FW: COMODO Firewall Pro v2.3.035 (COMODO)
    AV: avast! antivirus 4.7.1029 [VPS 000764-1] v4.7.1029 (ALWIL Software)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger"
    "D:\\pelejä\\Freeciv\\Freeciv-gtk2-2.0.7\\civserver.exe"="D:\\pelejä\\Freeciv\\Freeciv-gtk2-2.0.7\\civserver.exe:*:Disabled:civserver"
    "C:\\Documents and Settings\\Omistaja\\Omat tiedostot\\Okko\\ESBC pokeri\\jre\\bin\\javaw.exe"="C:\\Documents and Settings\\Omistaja\\Omat tiedostot\\Okko\\ESBC pokeri\\jre\\bin\\javaw.exe:*:Disabled:javaw"
    "C:\\Program Files\\B2BPOKER\\ESBC pokeri\\jre\\bin\\javaw.exe"="C:\\Program Files\\B2BPOKER\\ESBC pokeri\\jre\\bin\\javaw.exe:*:Disabled:javaw"
    "C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"="C:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe:*:Enabled:Kernel Executable"
    "C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Disabled:Resurssienhallinta"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Omistaja\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=AMD2800
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DiskeeperIcon=C:\Program Files\Executive Software\DiskeeperLite\
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Omistaja
    LOGONSERVER=\\AMD2800
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Executive Software\DiskeeperLite\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0a00
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Omistaja\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Omistaja\LOCALS~1\Temp
    USERDOMAIN=AMD2800
    USERNAME=Omistaja
    USERPROFILE=C:\Documents and Settings\Omistaja
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Omistaja (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
    --> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0xb -uninst
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 7.0.9 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70900000002}
    Apple Mobile Device Support -tuki --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
    Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
    avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
    C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
    Coda codec pack --> "C:\WINDOWS\UN_CODA.EXE"
    COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
    Diskeeper Lite --> MsiExec.exe /I{F09FB343-2806-4F48-846D-705352D30334}
    EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9
    ffdshow [rev 756] [2007-01-09] --> "C:\Program Files\ffdshow\unins000.exe"
    First Step Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EC786D5-C0CA-42E0-AF88-5379EF9D91EC}\setup.exe" -l0x9 UNINSTALL
    Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    Hattrick Forever 4.3.0.82 --> "C:\Program Files\Hattrick Forever\unins000.exe"
    Hijackthis 1.99.1 --> "C:\Hijackthis\unins000.exe"
    HijackThis 1.99.1 --> C:\Hijackthis\HijackThis.exe /uninstall
    Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    ImageMixer VCD2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
    iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1035
    iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1035
    iTunes --> MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
    IZArc 3.5 beta 2 --> "C:\Program Files\IZArc\unins000.exe"
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Language pack for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
    Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0xb UNINSTALL
    Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
    Logitech QuickCam --> MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
    Logitech® Camera -ohjain --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{9084040B-6000-11D3-8CFE-0150048383C9}
    Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF040B-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{9085040B-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.5) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    OLYMPUS CAMEDIA Master 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
    OpenOffice.org 2.1 --> MsiExec.exe /I{BE95E3BD-323B-46CC-AE78-8C9248A5BD78}
    PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
    Picture Package --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
    Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    RadLight 4.0 FINAL --> C:\Program Files\RadLight Company\RadLight 4.0\uninst.exe
    SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
    SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem1.inf
    Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
    Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    The Sims 2 --> D:\pelejä\EA GAMES\The Sims 2\TÄMÄ NÄIN\EAUninstall.exe
    Unibet Poker --> C:\PROGRA~1\UNIBET~1\UNIBET~1\UNWISE.EXE C:\PROGRA~1\UNIBET~1\UNIBET~1\INSTALL.LOG
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
    XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"


    -- Application Event Log -------------------------------------------------------

    Event ID #14352: Warning
    Event Submitted/Written: 08/08/2007 00:25:59 AM
    Event Source: Userenv
    Event Description:
    Windows tallensi käyttäjän AMD2800\Omistaja rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


    Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

    Event ID #14351: Warning
    Event Submitted/Written: 08/08/2007 00:25:50 AM
    Event Source: Userenv
    Event Description:
    Windows ei voi poistaa luokkien rekisteritiedostoa muistista, koska toiset sovellukset tai palvelut käyttävät yhä kyseistä tiedostoa. Tiedosto poistetaan muistista, kun sitä ei enää käytetä .

    Event ID #14347: Warning
    Event Submitted/Written: 08/08/2007 00:13:50 AM
    Event Source: Userenv
    Event Description:
    Windows tallensi käyttäjän AMD2800\Omistaja rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


    Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

    Event ID #14346: Warning
    Event Submitted/Written: 08/08/2007 00:13:41 AM
    Event Source: Userenv
    Event Description:
    Windows ei voi poistaa luokkien rekisteritiedostoa muistista, koska toiset sovellukset tai palvelut käyttävät yhä kyseistä tiedostoa. Tiedosto poistetaan muistista, kun sitä ei enää käytetä .

    Event ID #14338: Warning
    Event Submitted/Written: 08/07/2007 09:20:31 PM
    Event Source: Userenv
    Event Description:
    Windows tallensi käyttäjän AMD2800\Omistaja rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


    Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event ID #71917: Warning
    Event Submitted/Written: 08/08/2007 00:35:37 AM
    Event Source: WinDefend
    Event Description:
    %AMD280027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %AMD280027 can't undo changes that you allow.

    For more information please see the following:
    %AMD2800275

    Scan ID: {1386BCCA-4725-4016-ACA3-C7A61B60C8E8}

    User: AMD2800\Omistaja

    Name: %AMD2800271

    ID: %AMD2800272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %AMD2800276

    Alert Type: %AMD2800278

    Detection Type: 1.1.1593.02

    Event ID #71916: Warning
    Event Submitted/Written: 08/08/2007 00:35:37 AM
    Event Source: WinDefend
    Event Description:
    %AMD280027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %AMD280027 can't undo changes that you allow.

    For more information please see the following:
    %AMD2800275

    Scan ID: {0DEFB10F-CD56-4BCA-8CFC-7064173012B8}

    User: AMD2800\Omistaja

    Name: %AMD2800271

    ID: %AMD2800272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %AMD2800276

    Alert Type: %AMD2800278

    Detection Type: 1.1.1593.02

    Event ID #71915: Warning
    Event Submitted/Written: 08/08/2007 00:35:37 AM
    Event Source: WinDefend
    Event Description:
    %AMD280027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %AMD280027 can't undo changes that you allow.

    For more information please see the following:
    %AMD2800275

    Scan ID: {985B4840-C529-4D42-A972-A5825EB3C59A}

    User: AMD2800\Omistaja

    Name: %AMD2800271

    ID: %AMD2800272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %AMD2800276

    Alert Type: %AMD2800278

    Detection Type: 1.1.1593.02

    Event ID #71914: Warning
    Event Submitted/Written: 08/08/2007 00:35:34 AM
    Event Source: WinDefend
    Event Description:
    %AMD280027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %AMD280027 can't undo changes that you allow.

    For more information please see the following:
    %AMD2800275

    Scan ID: {BE30A036-BA72-4261-A411-A0D7E2FC0158}

    User: AMD2800\Omistaja

    Name: %AMD2800271

    ID: %AMD2800272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %AMD2800276

    Alert Type: %AMD2800278

    Detection Type: 1.1.1593.02

    Event ID #71913: Warning
    Event Submitted/Written: 08/08/2007 00:35:34 AM
    Event Source: WinDefend
    Event Description:
    %AMD280027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %AMD280027 can't undo changes that you allow.

    For more information please see the following:
    %AMD2800275

    Scan ID: {0EBA1624-63ED-4F62-8472-2936E1E6314C}

    User: AMD2800\Omistaja

    Name: %AMD2800271

    ID: %AMD2800272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %AMD2800276

    Alert Type: %AMD2800278

    Detection Type: 1.1.1593.02



    -- End of Deckard's System Scanner: finished at 2007-08-08 at 00:37:57 ---------

     
  18. Auttaja

    Auttaja Guest

    Download SmitfraudFix (by S!Ri) to your desktop.

    Double-click the file SmitfraudFix.exe

    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of this text file to your thread.

    **If the tool does not start from the desktop, move SmitfraudFix.exe directly to the root of the system drive (usually C:). Then try starting the program again from there.

    Note: some anti-virus programs (AntiVir, Dr.Web, Kaspersky) detect the process.exe file as a "malicious tool"; it is not a virus but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.
    http://www.beyondlogic.org/consulting/processutil/processutil.htm

    ==========

    Print these instructions or save them to a text file.

    Boot your computer into Safe Mode and select your normal user account.


    Once in Safe Mode, double-click the file SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

    The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it does not, restart into normal Windows.
    A text file will appear after the cleaning process; copy and paste the results of this report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt.

    ==========

    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the prompts.
    3. When the tool is finished, it will produce a log (C:\ComboFix.txt). Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    ==========

    Post the logs from both steps and the ComboFix log... there sure was still junk in there.
     
  19. Okkocha

    Okkocha Member

    here is this one to start with...

    SmitFraudFix v2.209

    Scan done at 1:09:48,15, ke 08.08.2007
    Run from C:\Documents and Settings\Omistaja\Ty”p”yt„\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\BrmfBAgS.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\BRMFRSMG.EXE
    D:\Sony kamera\Picture Package Menu\SonyTray.exe
    D:\Sony kamera\Picture Package Applications\Residence.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Omistaja\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Omistaja\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{716002db-288c-4bf0-80cd-a467e78d8b55}"="depreciable"

    [HKEY_CLASSES_ROOT\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
    @="C:\WINDOWS\system32\dxovx.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
    @="C:\WINDOWS\system32\dxovx.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: SiS 900 PCI Fast Ethernet Adapter - Paketinajoituksen miniportti
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{32B23545-CD40-410F-9934-828015317D0C}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{32B23545-CD40-410F-9934-828015317D0C}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  20. Okkocha

    Okkocha Member

    ...and here is the report from the cleaning

    SmitFraudFix v2.209

    Scan done at 1:18:57,45, ke 08.08.2007
    Run from C:\Documents and Settings\Omistaja\Ty”p”yt„\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{716002db-288c-4bf0-80cd-a467e78d8b55}"="depreciable"

    [HKEY_CLASSES_ROOT\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
    @="C:\WINDOWS\system32\dxovx.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}\InProcServer32]
    @="C:\WINDOWS\system32\dxovx.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{32B23545-CD40-410F-9934-828015317D0C}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{32B23545-CD40-410F-9934-828015317D0C}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  21. Okkocha

    Okkocha Member

    and finally the ComboFix report..

    ComboFix 07-08-04.3 - "Omistaja" 2007-08-08 1:28:47.1 [GMT 3:00] - NTFS
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.Tosi
    * Created a new restore point


    ((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


    2007-08-08 01:27 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-08 01:09 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-08-08 01:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-08-08 01:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-08-08 00:33 <KANSIO> d-------- C:\Deckard
    2007-08-08 00:27 <KANSIO> d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Comodo
    2007-08-08 00:27 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
    2007-08-08 00:24 <KANSIO> d-------- C:\Program Files\Comodo
    2007-08-08 00:19 8,061,008 --a------ C:\Program Files\CFP_Setup_English_2.4.17.183.exe
    2007-08-07 21:14 50,688 --a------ C:\Program Files\ATF-Cleaner.exe
    2007-08-06 23:33 <KANSIO> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-08-06 22:41 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-08-06 22:36 <KANSIO> d-------- C:\WINDOWS\pss
    2007-08-06 21:41 <KANSIO> d-------- C:\DOCUME~1\Omistaja\Työpöytä
    2007-08-06 19:43 <KANSIO> d-------- C:\Hijackthis
    2007-08-06 19:37 488,144 --a------ C:\HJTsetup.exe
    2007-08-06 16:51 14,566,808 --a------ C:\Program Files\jre-6u2-windows-i586-p.exe
    2007-07-30 14:16 5,548 --a------ C:\DOCUME~1\Omistaja\pxsheu.exe
    2007-07-30 14:10 5,548 --a------ C:\DOCUME~1\Omistaja\djnurk.exe
    2007-07-30 14:03 5,548 --a------ C:\DOCUME~1\Omistaja\yflmsn.exe
    2007-07-30 13:57 5,548 --a------ C:\DOCUME~1\Omistaja\nnlbpb.exe
    2007-07-30 13:50 5,547 --a------ C:\DOCUME~1\Omistaja\icjure.exe
    2007-07-30 13:43 5,548 --a------ C:\DOCUME~1\Omistaja\oqzaiu.exe
    2007-07-30 13:36 5,548 --a------ C:\DOCUME~1\Omistaja\jgktom.exe
    2007-07-30 13:30 5,548 --a------ C:\DOCUME~1\Omistaja\htjayo.exe
    2007-07-30 13:23 5,548 --a------ C:\DOCUME~1\Omistaja\djwgqn.exe
    2007-07-30 13:16 5,548 --a------ C:\DOCUME~1\Omistaja\tpaxau.exe
    2007-07-30 13:10 5,548 --a------ C:\DOCUME~1\Omistaja\ezqmhd.exe
    2007-07-30 13:03 5,548 --a------ C:\DOCUME~1\Omistaja\cbtzse.exe
    2007-07-30 12:57 5,547 --a------ C:\DOCUME~1\Omistaja\ndpuzf.exe
    2007-07-30 12:50 5,548 --a------ C:\DOCUME~1\Omistaja\rgacsl.exe
    2007-07-30 12:43 5,548 --a------ C:\DOCUME~1\Omistaja\pronar.exe
    2007-07-30 12:37 5,548 --a------ C:\DOCUME~1\Omistaja\kkxcob.exe
    2007-07-30 12:30 5,548 --a------ C:\DOCUME~1\Omistaja\gkpreo.exe
    2007-07-30 12:23 5,548 --a------ C:\DOCUME~1\Omistaja\rtxfuc.exe
    2007-07-30 12:16 5,548 --a------ C:\DOCUME~1\Omistaja\npgrtm.exe
    2007-07-30 12:10 5,548 --a------ C:\DOCUME~1\Omistaja\uzgiku.exe
    2007-07-30 12:03 5,548 --a------ C:\DOCUME~1\Omistaja\ywuqyr.exe
    2007-07-30 11:57 5,548 --a------ C:\DOCUME~1\Omistaja\jykkuc.exe
    2007-07-30 11:50 5,548 --a------ C:\DOCUME~1\Omistaja\mxning.exe
    2007-07-30 11:43 5,548 --a------ C:\DOCUME~1\Omistaja\stbwjj.exe
    2007-07-30 11:36 5,548 --a------ C:\DOCUME~1\Omistaja\yhpxuf.exe
    2007-07-30 11:30 5,548 --a------ C:\DOCUME~1\Omistaja\zvwavy.exe
    2007-07-30 11:23 5,548 --a------ C:\DOCUME~1\Omistaja\ukibbq.exe
    2007-07-30 11:16 5,548 --a------ C:\DOCUME~1\Omistaja\aqfasg.exe
    2007-07-30 11:10 5,548 --a------ C:\DOCUME~1\Omistaja\ygrfzl.exe
    2007-07-28 18:15 <KANSIO> d-------- C:\Program Files\Common Files\Apple
    2007-07-28 18:15 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-08 01:23 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\OpenOffice.org2
    2007-08-08 01:19 2252 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-07 16:47 --------- d-------- C:\Program Files\Unibet
    2007-08-07 16:26 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Microgaming
    2007-07-28 18:59 --------- d-------- C:\Program Files\iTunes
    2007-07-28 18:58 --------- d-------- C:\Program Files\iPod
    2007-07-28 18:53 --------- d-------- C:\Program Files\QuickTime
    2007-07-28 18:22 --------- d-------- C:\Program Files\Apple Software Update
    2007-07-28 01:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-07-28 01:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-07-28 01:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-07-28 01:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-07-28 00:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-07-28 00:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-07-28 00:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-07-16 14:19 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Skype
    2007-06-14 20:57 --------- d-------- C:\Program Files\Windows Media Connect 2
    2007-06-11 12:53 65 --a------ C:\WINDOWS\system32\BD7420.dat
    2007-06-11 12:52 --------- d-------- C:\Program Files\Brother
    2007-06-11 12:51 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-06-11 12:51 --------- d-------- C:\Program Files\Common Files\InstallShield
    2007-05-22 19:34 4960 --a--c--- C:\WINDOWS\mozver.dat
    2007-05-16 18:14 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:14 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:14 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:14 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:14 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-01-13 17:34 398147 --a------ C:\Program Files\GSpot260RC1.zip
    2007-01-13 16:50 1733246 --a------ C:\Program Files\coda_v33.exe
    2006-07-26 15:27 284 --a------ C:\DOCUME~1\Omistaja\APPLIC~1\ViewerApp.dat
    2005-12-12 16:37 5190408 --a------ C:\Program Files\firefox_fi.exe
    2005-11-10 17:42 6082136 --a------ C:\Program Files\winamp5111_full_emusic-7plus.exe
    2005-09-10 12:00 564896 --a------ C:\Program Files\GoogleToolbarInstaller.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2004-09-02 08:47 C:\WINDOWS\system32\SiSPower.dll]
    "Cmaudio"="cmicnfg.cpl" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 01:03]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-08 00:24]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 13:15]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 17:14]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-23 16:42]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-23 17:00]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-11-11 22:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00]
    "LDM"="\Program\BackWeb-8876480.exe" []
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 13:46]

    C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
    OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-12-02 00:32:46]

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-05-26 19:02:26]
    Picture Package Menu.lnk - D:\Sony kamera\Picture Package Menu\SonyTray.exe [2006-07-26 12:47:57]
    Picture Package VCD Maker.lnk - D:\Sony kamera\Picture Package Applications\Residence.exe [2006-07-26 12:47:52]
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-03-08 17:16:47]

    R0 Inspect;Comodo Network Engine;C:\WINDOWS\system32\DRIVERS\inspect.sys
    R0 uagp35;Microsoft AGPv3.5 -suodatin;C:\WINDOWS\system32\DRIVERS\uagp35.sys
    R3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys
    R3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys
    R3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys
    R3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys
    R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
    R3 mf;mf;C:\WINDOWS\system32\DRIVERS\mf.sys
    S3 QCMerced;Logitech QuickCam Communicate;C:\WINDOWS\system32\DRIVERS\LVCM.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys


    Contents of the 'Scheduled Tasks' folder
    2007-08-07 20:43:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2007-08-07 22:26:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-08 01:31:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-08 1:32:31

    --- E O F ---
     
