
HJT log, VnrBlock, ppcbooster and p2pmax, something still wrong

Thread in the Viruses and malware - HijackThis logs section. Thread started by CNiba on 09.12.2008.

  1. Hujo

    Hujo Guest

    Scan a new HJT log.

    ==========

    Take a look at that Norton now, does it have a firewall?

    ==========

    What's the state of the machine?
     
    Last edited by a moderator: 12.12.2008
  3. CNiba

    CNiba Member

    Joined:
    09.12.2008
    Messages:
    14
    Thanks:
    0
    Points:
    11
    Norton doesn't have a firewall. Could you maybe recommend some firewall? And now the machine seems to be working again =)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:34:33, on 12.12.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    G:\RivaTuner v2.20\RivaTuner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\yodm3D\Yodm3D.exe
    G:\Security\Muita\PeerGuardian2\pg2.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    G:\DC++\DCPlusPlus.exe
    G:\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [RivaTuner] "G:\RivaTuner v2.20\RivaTuner.exe" /T
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yodm3D] C:\Program Files\yodm3D\Yodm3D.exe
    O4 - HKCU\..\Run: [PeerGuardian] G:\Security\Muita\PeerGuardian2\pg2.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DC++.lnk = G:\DC++\DCPlusPlus.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: NordicBet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\NordicBetMPP\MPPoker.exe (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207723355703
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207827973140
    O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file:///C:/Documents%20and%20Settings/Disassembler/Local%20Settings/Temp/OnlineScanner/is2007ols/fscax.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB645E0A-1A85-4ED2-BE71-3F06E79D9824}: NameServer = 192.168.0.254
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - G:\Security\Firewalls\Sygate Personal Firewall\smc.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 7066 bytes
     
  4. Hujo

    Hujo Guest

  5. CNiba

    CNiba Member

    ***** NORMAL SCAN FOR ACTIVE MALWARE *****
    Trojan Remover Ver 6.7.4.2551. For information, email support@simplysup1.com
    [Unregistered version]
    Scan started at: 16:23:55 12 joulu 2008
    Using Database v7226
    Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
    File System: NTFS
    Data directory: C:\Documents and Settings\Disassembler\Application Data\Simply Super Software\Trojan Remover\
    Database directory: G:\Security\Muita\Trojan Remover\
    Logfile directory: C:\Documents and Settings\Disassembler\Omat tiedostot\Simply Super Software\Trojan Remover Logfiles\
    Program directory: G:\Security\Muita\Trojan Remover\
    Running with Administrator privileges

    ************************************************************
    The following Anti-Malware program(s) are loaded:
    Nortons Anti-Virus

    ************************************************************


    ************************************************************
    16:23:55: Scanning ----------WIN.INI-----------
    WIN.INI found in C:\WINDOWS

    ************************************************************
    16:23:55: Scanning --------SYSTEM.INI---------
    SYSTEM.INI found in C:\WINDOWS

    ************************************************************
    16:23:55: ----- SCANNING FOR ROOTKIT SERVICES -----
    No hidden Services were detected.

    ************************************************************
    16:23:55: Scanning -----WINDOWS REGISTRY-----
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    This key's "Shell" value calls the following program(s):
    File: Explorer.exe
    C:\WINDOWS\Explorer.exe
    1034240 bytes
    Created: 9.4.2008
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------
    This key's "Userinit" value calls the following program(s):
    File: C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\userinit.exe
    26112 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------
    This key's "System" value appears to be blank
    ----------
    This key's "UIHost" value calls the following program:
    File: logonui.exe
    C:\WINDOWS\system32\logonui.exe
    515072 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value Name: load
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value Name: NvCplDaemon
    Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    C:\WINDOWS\system32\NvCpl.dll
    13574144 bytes
    Created: 5.12.2007
    Modified: 17.9.2008
    Company: NVIDIA Corporation
    --------------------
    Value Name: NvMediaCenter
    Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    C:\WINDOWS\system32\NvMcTray.dll
    86016 bytes
    Created: 5.12.2007
    Modified: 17.9.2008
    Company: NVIDIA Corporation
    --------------------
    Value Name: ccApp
    Value Data: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    84640 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    --------------------
    Value Name: osCheck
    Value Data: "G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe"
    G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe
    26248 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    --------------------
    Value Name: Symantec PIF AlertEng
    Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    583048 bytes
    Created: 29.1.2008
    Modified: 29.1.2008
    Company: Symantec Corporation
    --------------------
    Value Name: RivaTuner
    Value Data: "G:\RivaTuner v2.20\RivaTuner.exe" /T
    G:\RivaTuner v2.20\RivaTuner.exe
    2727936 bytes
    Created: 19.11.2008
    Modified: 19.11.2008
    Company:
    --------------------
    Value Name: TrojanScanner
    Value Data: G:\Security\Muita\Trojan Remover\Trjscan.exe /boot
    G:\Security\Muita\Trojan Remover\Trjscan.exe
    1233800 bytes
    Created: 12.12.2008
    Modified: 8.11.2008
    Company: Simply Super Software
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value Name: CTFMON.EXE
    Value Data: C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    15360 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    --------------------
    Value Name: MsnMsgr
    Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    5724184 bytes
    Created: 18.10.2007
    Modified: 18.10.2007
    Company: Microsoft Corporation
    --------------------
    Value Name: Yodm3D
    Value Data: C:\Program Files\yodm3D\Yodm3D.exe
    C:\Program Files\yodm3D\Yodm3D.exe
    2343936 bytes
    Created: 27.10.2008
    Modified: 21.4.2007
    Company: Christian SALMON
    --------------------
    Value Name: PeerGuardian
    Value Data: G:\Security\Muita\PeerGuardian2\pg2.exe
    G:\Security\Muita\PeerGuardian2\pg2.exe
    1382400 bytes
    Created: 9.12.2008
    Modified: 18.9.2005
    Company: Methlabs
    --------------------
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    This Registry Key appears to be empty

    ************************************************************
    16:23:58: Scanning -----SHELLEXECUTEHOOKS-----
    ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
    File: shell32.dll - this file is expected and has been left in place
    ----------

    ************************************************************
    16:23:58: Scanning -----HIDDEN REGISTRY ENTRIES-----
    Taskdir check completed
    ----------
    No Hidden File-loading Registry Entries found
    ----------

    ************************************************************
    16:23:58: Scanning -----ACTIVE SCREENSAVER-----
    No active ScreenSaver found to scan.

    ************************************************************
    16:23:58: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

    ************************************************************
    16:23:59: Scanning ----- SERVICEDLL REGISTRY KEYS -----
    Key: 6to4
    Path: %SystemRoot%\System32\6to4svc.dll
    C:\WINDOWS\System32\6to4svc.dll
    100352 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    --------------------
    Key: AppMgmt
    %SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
    --------------------
    Key: BITS
    Path: %systemroot%\system32\qmgr.dll
    C:\WINDOWS\system32\qmgr.dll
    409088 bytes
    Created: 9.4.2008
    Modified: 14.4.2008
    Company: Microsoft Corporation
    --------------------
    Key: HidServ
    %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
    --------------------
    Key: NwSapAgent
    Path: %SystemRoot%\System32\ipxsap.dll
    C:\WINDOWS\System32\ipxsap.dll
    66560 bytes
    Created: 16.9.2002
    Modified: 16.9.2002
    Company: Microsoft Corporation
    --------------------

    ************************************************************
    16:24:00: Scanning ----- SERVICES REGISTRY KEYS -----
    Key: Adobe LM Service
    ImagePath: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    72704 bytes
    Created: 9.4.2008
    Modified: 9.4.2008
    Company: Adobe Systems
    ----------
    Key: AmdK7
    ImagePath: System32\DRIVERS\amdk7.sys
    C:\WINDOWS\System32\DRIVERS\amdk7.sys
    41728 bytes
    Created: 9.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------
    Key: Autodesk Licensing Service
    ImagePath: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    85096 bytes
    Created: 6.9.2008
    Modified: 6.9.2008
    Company: Autodesk
    ----------
    Key: Automatic LiveUpdate Scheduler
    ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    198336 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: catchme
    ImagePath: \??\C:\DOCUME~1\DISASS~1\LOCALS~1\Temp\catchme.sys - this file is globally excluded
    ----------
    Key: ccEvtMgr
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    105632 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: ccSetMgr
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    105632 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: CLTNetCnService
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    105632 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: cmuda
    ImagePath: system32\drivers\cmuda.sys
    C:\WINDOWS\system32\drivers\cmuda.sys
    1368000 bytes
    Created: 15.12.2005
    Modified: 15.12.2005
    Company: C-Media Inc
    ----------
    Key: eeCtrl
    ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    371248 bytes
    Created: 9.12.2008
    Modified: 20.11.2008
    Company: Symantec Corporation
    ----------
    Key: EraserUtilRebootDrv
    ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    99376 bytes
    Created: 10.12.2008
    Modified: 20.11.2008
    Company: Symantec Corporation
    ----------
    Key: hwdatacard
    ImagePath: system32\DRIVERS\ewusbmdm.sys
    C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [file not found to scan]
    ----------
    Key: IDriverT
    ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    69632 bytes
    Created: 3.4.2005
    Modified: 3.4.2005
    Company: Macrovision Corporation
    ----------
    Key: ImapiService
    ImagePath: %systemroot%\system32\imapi.exe
    C:\WINDOWS\system32\imapi.exe
    150528 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------
    Key: ISPwdSvc
    ImagePath: "G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe"
    G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe
    79496 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: JavaQuickStarterService
    ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
    C:\Program Files\Java\jre6\bin\jqs.exe
    152984 bytes
    Created: 25.11.2008
    Modified: 25.11.2008
    Company: Sun Microsystems, Inc.
    ----------
    Key: LiveUpdate
    ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    2528960 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: LiveUpdate Notice Ex
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    105632 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: LiveUpdate Notice Service
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    583048 bytes
    Created: 29.1.2008
    Modified: 29.1.2008
    Company: Symantec Corporation
    ----------
    Key: msvsmon90
    ImagePath: "G:\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90
    G:\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
    3004416 bytes
    Created: 7.11.2007
    Modified: 7.11.2007
    Company: Microsoft Corporation
    ----------
    Key: NAVENG
    ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVENG.SYS
    C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVENG.SYS
    89104 bytes
    Created: 12.12.2008
    Modified: 20.11.2008
    Company: Symantec Corporation
    ----------
    Key: NAVEX15
    ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVEX15.SYS
    C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVEX15.SYS
    876112 bytes
    Created: 12.12.2008
    Modified: 20.11.2008
    Company: Symantec Corporation
    ----------
    Key: NwlnkIpx
    ImagePath: System32\DRIVERS\nwlnkipx.sys
    C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys
    88320 bytes
    Created: 16.9.2002
    Modified: 13.4.2008
    Company: Microsoft Corporation
    ----------
    Key: NwlnkNb
    ImagePath: System32\DRIVERS\nwlnknb.sys
    C:\WINDOWS\System32\DRIVERS\nwlnknb.sys
    63232 bytes
    Created: 16.9.2002
    Modified: 16.9.2002
    Company: Microsoft Corporation
    ----------
    Key: NwlnkSpx
    ImagePath: System32\DRIVERS\nwlnkspx.sys
    C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys
    55936 bytes
    Created: 16.9.2002
    Modified: 16.9.2002
    Company: Microsoft Corporation
    ----------
    Key: PnkBstrA
    ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    66872 bytes
    Created: 3.11.2008
    Modified: 3.11.2008
    Company:
    ----------
    Key: RivaTuner32
    ImagePath: \??\G:\RivaTuner v2.20\RivaTuner32.sys
    G:\RivaTuner v2.20\RivaTuner32.sys
    9088 bytes
    Created: 19.11.2008
    Modified: 19.11.2008
    Company:
    ----------
    Key: SmcService
    ImagePath: G:\Security\Firewalls\Sygate Personal Firewall\smc.exe
    G:\Security\Firewalls\Sygate Personal Firewall\smc.exe [file not found to scan]
    ----------
    Key: SPBBCDrv
    ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    406672 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: sptd
    ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
    ----------
    Key: SRTSP
    ImagePath: System32\Drivers\SRTSP.SYS
    C:\WINDOWS\System32\Drivers\SRTSP.SYS
    279088 bytes
    Created: 30.11.2007
    Modified: 30.11.2007
    Company: Symantec Corporation
    ----------
    Key: SRTSPL
    ImagePath: System32\Drivers\SRTSPL.SYS
    C:\WINDOWS\System32\Drivers\SRTSPL.SYS
    317616 bytes
    Created: 30.11.2007
    Modified: 30.11.2007
    Company: Symantec Corporation
    ----------
    Key: SRTSPX
    ImagePath: System32\Drivers\SRTSPX.SYS
    C:\WINDOWS\System32\Drivers\SRTSPX.SYS
    43696 bytes
    Created: 30.11.2007
    Modified: 30.11.2007
    Company: Symantec Corporation
    ----------
    Key: SwPrv
    ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{F5D74478-F400-433B-BBB4-E5DC5C085FCC}
    C:\WINDOWS\System32\dllhost.exe
    5120 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------
    Key: Symantec Core LC
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    1251720 bytes
    Created: 9.12.2008
    Modified: 10.12.2008
    Company:
    ----------
    Key: SymAppCore
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    46736 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: SYMDNS
    ImagePath: \SystemRoot\System32\Drivers\SYMDNS.SYS
    C:\WINDOWS\System32\Drivers\SYMDNS.SYS
    12848 bytes
    Created: 3.10.2008
    Modified: 3.10.2008
    Company: Symantec Corporation
    ----------
    Key: SymEvent
    ImagePath: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    123952 bytes
    Created: 9.12.2008
    Modified: 10.12.2008
    Company: Symantec Corporation
    ----------
    Key: SYMFW
    ImagePath: \SystemRoot\System32\Drivers\SYMFW.SYS
    C:\WINDOWS\System32\Drivers\SYMFW.SYS
    146096 bytes
    Created: 3.10.2008
    Modified: 3.10.2008
    Company: Symantec Corporation
    ----------
    Key: SYMIDS
    ImagePath: \SystemRoot\System32\Drivers\SYMIDS.SYS
    C:\WINDOWS\System32\Drivers\SYMIDS.SYS
    39984 bytes
    Created: 3.10.2008
    Modified: 3.10.2008
    Company: Symantec Corporation
    ----------
    Key: SYMIDSCO
    ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081210.002\SymIDSCo.sys
    C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081210.002\SymIDSCo.sys
    250224 bytes
    Created: 10.12.2008
    Modified: 5.12.2008
    Company: Symantec Corporation
    ----------
    Key: SYMNDIS
    ImagePath: \SystemRoot\System32\Drivers\SYMNDIS.SYS
    C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
    35120 bytes
    Created: 3.10.2008
    Modified: 3.10.2008
    Company: Symantec Corporation
    ----------
    Key: SYMREDRV
    ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
    C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    27696 bytes
    Created: 3.10.2008
    Modified: 3.10.2008
    Company: Symantec Corporation
    ----------
    Key: SYMTDI
    ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
    C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    187952 bytes
    Created: 3.10.2008
    Modified: 3.10.2008
    Company: Symantec Corporation
    ----------
    Key: Tcpip6
    ImagePath: System32\DRIVERS\tcpip6.sys
    C:\WINDOWS\System32\DRIVERS\tcpip6.sys
    225856 bytes
    Created: 16.9.2002
    Modified: 20.6.2008
    Company: Microsoft Corporation
    ----------
    Key: Teefer
    ImagePath: SYSTEM32\Drivers\Teefer.sys
    C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys [file not found to scan]
    ----------
    Key: UnlockerDriver5
    ImagePath: \??\G:\Security\Muita\Unlocker\UnlockerDriver5.sys
    G:\Security\Muita\Unlocker\UnlockerDriver5.sys
    4096 bytes
    Created: 2.5.2008
    Modified: 2.5.2008
    Company:
    ----------
    Key: usnjsvc
    ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    98328 bytes
    Created: 18.10.2007
    Modified: 18.10.2007
    Company: Microsoft Corporation
    ----------
    Key: wg3n
    ImagePath: \SystemRoot\SYSTEM32\Drivers\wg3n.sys
    C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [file not found to scan]
    ----------
    Key: wg4n
    ImagePath: \SystemRoot\SYSTEM32\Drivers\wg4n.sys
    C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [file not found to scan]
    ----------
    Key: wg5n
    ImagePath: \SystemRoot\SYSTEM32\Drivers\wg5n.sys
    C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [file not found to scan]
    ----------
    Key: wg6n
    ImagePath: \SystemRoot\SYSTEM32\Drivers\wg6n.sys
    C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [file not found to scan]
    ----------
    Key: WLSetupSvc
    ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
    C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    266240 bytes
    Created: 25.10.2007
    Modified: 25.10.2007
    Company: Microsoft Corporation
    ----------
    Key: wpsdrvnt
    ImagePath: \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    C:\WINDOWS\system32\drivers\wpsdrvnt.sys [file not found to scan]
    ----------

    ************************************************************
    16:24:07: Scanning -----VXD ENTRIES-----
    Checking the following VxD entries:
    C:\WINDOWS\system32\JAVASUP.VXD
    7315 bytes
    Created: 9.4.2008
    Modified: 28.2.2003
    Company:
    VxD Key = JAVASUP
    ----------
    ----------

    ************************************************************
    16:24:07: Scanning ----- WINLOGON\NOTIFY DLLS -----

    ************************************************************
    16:24:08: Scanning ----- CONTEXTMENUHANDLERS -----
    Key: Autodesk.DWF.ContextMenu
    CLSID: {6C18531F-CA85-45F7-8278-FF33CF0A5964}
    Path: C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll
    C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll
    2915896 bytes
    Created: 9.11.2006
    Modified: 9.11.2006
    Company: Autodesk, Inc.
    ----------
    Key: PowerISO
    CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
    File: [CLSID does not appear to reference a file]
    ----------
    Key: ShellExtension
    CLSID: [empty]
    ----------
    Key: Symantec.Norton.Antivirus.IEContextMenu
    CLSID: {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
    Path: G:\Security\ISOTOH~1\NORTON~1\NavShExt.dll
    G:\Security\ISOTOH~1\NORTON~1\NavShExt.dll
    173728 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: Trojan Remover
    CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
    Path: G:\Security\Muita\TROJAN~1\Trshlex.dll
    G:\Security\Muita\TROJAN~1\Trshlex.dll
    467552 bytes
    Created: 12.12.2008
    Modified: 5.2.2007
    Company: Simply Super Software
    ----------
    Key: WinRAR
    CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    Path: G:\WinRaR\rarext.dll
    G:\WinRaR\rarext.dll
    129024 bytes
    Created: 9.4.2008
    Modified: 20.9.2007
    Company:
    ----------
    Key: WS_FTP
    CLSID: {797F3885-5429-11D4-8823-0050DA59922B}
    Path: G:\Ipswitch WS_FTP Professional\wsftpsi.dll
    G:\Ipswitch WS_FTP Professional\wsftpsi.dll
    245760 bytes
    Created: 9.4.2008
    Modified: 22.6.2006
    Company: Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421
    ----------

    ************************************************************
    16:24:08: Scanning ----- FOLDER\COLUMNHANDLERS -----
    Key: {8A0BC933-7552-42E2-A228-3BE055777227}
    File: C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
    C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
    103016 bytes
    Created: 12.2.2007
    Modified: 12.2.2007
    Company: Autodesk
    ----------

    ************************************************************
    16:24:08: Scanning ----- BROWSER HELPER OBJECTS -----
    No Browser Helper Objects found to scan

    ************************************************************
    16:24:08: Scanning ----- SHELLSERVICEOBJECTS -----
    Key: SysTray
    CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
    Path: %systemroot%\system32\stobject.dll
    C:\WINDOWS\system32\stobject.dll
    121856 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------

    ************************************************************
    16:24:08: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

    ************************************************************
    16:24:09: Scanning ----- IMAGEFILE DEBUGGERS -----
    No "Debugger" entries found.

    ************************************************************
    16:24:09: Scanning ----- APPINIT_DLLS -----
    The AppInit_DLLs value is blank or does not exist

    ************************************************************
    16:24:09: Scanning ----- SECURITY PROVIDER DLLS -----

    ************************************************************
    16:24:09: Scanning ------ COMMON STARTUP GROUP ------
    [C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys]
    The Common Startup Group attempts to load the following file(s) at boot time:
    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini
    -HS- 84 bytes
    Created: 9.4.2008
    Modified: 9.4.2008
    Company:
    --------------------

    ************************************************************
    No User Startup Groups were located to check

    ************************************************************
    16:24:09: Scanning ----- SCHEDULED TASKS -----
    Taskname: Norton AntiVirus - Run Full System Scan - Disassembler.job
    File: G:\Security\ISOTOH~1\NORTON~1\Navw32.exe
    G:\Security\ISOTOH~1\NORTON~1\Navw32.exe
    214688 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    Parameters: /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
    Next Run Time: 13.12.2008 3:00:00
    Status: Tehtävää ei ole vielä suoritettu
    Creator: Disassembler
    Comments: This is a schedule scan task from Norton AntiVirus.
    ----------
    Taskname: RegClean Scheduled Scan.job
    File: G:\RegClean\RegClean.exe
    Parameters: scheduled
    Next Run Time: 13.12.2008 3:30:00
    Status: Tehtävää ei ole vielä suoritettu
    Creator: Disassembler
    Comments: Runs RegClean to optimize your registry.
    G:\RegClean\RegClean.exe [file not found to scan]
    ----------

    ************************************************************
    16:24:09: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
    Key: AutoCAD Digital Signatures Icon Overlay Handler
    CLSID: {36A21736-36C2-4C11-8ACB-D4136F2B57BD}
    File: C:\WINDOWS\system32\AcSignIcon.dll
    C:\WINDOWS\system32\AcSignIcon.dll
    44648 bytes
    Created: 12.2.2007
    Modified: 12.2.2007
    Company: Autodesk, Inc.
    ----------

    ************************************************************
    16:24:09: ----- ADDITIONAL CHECKS -----
    PE386 rootkit checks completed
    ----------
    Winlogon registry rootkit checks completed
    ----------
    Heuristic checks for hidden files/drivers completed
    ----------
    Layered Service Provider entries checks completed
    ----------
    Windows Explorer Policies checks completed
    ----------
    Desktop Wallpaper: C:\Program Files\yodm3D\desktopwallpaper0.bmp
    C:\Program Files\yodm3D\desktopwallpaper0.bmp
    5760054 bytes
    Created: 27.10.2008
    Modified: 22.10.2008
    Company:
    ----------
    Web Desktop Wallpaper: %ProgramFiles%\yodm3D\desktopwallpaper0.bmp
    C:\Program Files\yodm3D\desktopwallpaper0.bmp
    5760054 bytes
    Created: 27.10.2008
    Modified: 22.10.2008
    Company:
    ----------
    Additional checks completed

    ************************************************************
    16:24:10: Scanning ----- RUNNING PROCESSES -----

    C:\WINDOWS\System32\smss.exe
    --------------------
    C:\WINDOWS\system32\csrss.exe
    --------------------
    C:\WINDOWS\system32\winlogon.exe
    --------------------
    C:\WINDOWS\system32\services.exe
    --------------------
    C:\WINDOWS\system32\lsass.exe
    --------------------
    C:\WINDOWS\system32\svchost.exe
    --------------------
    C:\WINDOWS\system32\svchost.exe - file already scanned
    --------------------
    C:\WINDOWS\System32\svchost.exe - file already scanned
    --------------------
    C:\WINDOWS\System32\svchost.exe - file already scanned
    --------------------
    C:\WINDOWS\system32\svchost.exe - file already scanned
    --------------------
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - file already scanned
    --------------------
    C:\WINDOWS\Explorer.EXE - file already scanned
    --------------------
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe - file already scanned
    --------------------
    C:\WINDOWS\system32\spoolsv.exe
    --------------------
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - file already scanned
    --------------------
    C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
    --------------------
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    --------------------
    C:\WINDOWS\system32\nvsvc32.exe
    --------------------
    C:\WINDOWS\system32\PnkBstrA.exe - file already scanned
    --------------------
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    --------------------
    C:\WINDOWS\system32\wdfmgr.exe
    --------------------
    C:\WINDOWS\System32\alg.exe
    --------------------
    C:\WINDOWS\system32\RUNDLL32.EXE
    --------------------
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe - file already scanned
    --------------------
    G:\RivaTuner v2.20\RivaTuner.exe - file already scanned
    --------------------
    C:\WINDOWS\system32\ctfmon.exe - file already scanned
    --------------------
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe - file already scanned
    --------------------
    C:\Program Files\yodm3D\Yodm3D.exe - file already scanned
    --------------------
    G:\Security\Muita\PeerGuardian2\pg2.exe - file already scanned
    --------------------
    G:\DC++\DCPlusPlus.exe
    --------------------
    C:\Program Files\Windows Live\Messenger\usnsvc.exe - file already scanned
    --------------------
    C:\Program Files\Windows Live\Mail\wlmail.exe
    --------------------
    G:\Mozilla Firefox\firefox.exe
    --------------------
    C:\Documents and Settings\Disassembler\Application Data\Simply Super Software\Trojan Remover\acm9.exe
    FileSize: 2888568
    [This is a Trojan Remover component]
    --------------------
    --------------------

    ************************************************************
    16:24:16: Checking AUTOEXEC.BAT file
    AUTOEXEC.BAT found in C:\
    No malicious entries were found in the AUTOEXEC.BAT file

    ************************************************************
    16:24:16: Checking AUTOEXEC.NT file
    AUTOEXEC.NT found in C:\WINDOWS\system32
    No malicious entries were found in the AUTOEXEC.NT file

    ************************************************************
    16:24:16: Checking HOSTS file
    No malicious entries were found in the HOSTS file

    ************************************************************
    ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
    HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
    %SystemRoot%\system32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
    http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fi
    HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
    C:\WINDOWS\system32\blank.htm
    HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    ************************************************************
    === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
    Scan completed at: 16:24:16 12 joulu 2008
    Total Scan time: 00:00:21
    ************************************************************


    ***** NORMAL SCAN FOR ACTIVE MALWARE *****
    Trojan Remover Ver 6.7.4.2551. For information, email support@simplysup1.com
    [Unregistered version]
    Scan started at: 16:10:05 12 joulu 2008
    Using Database v7226
    Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
    File System: NTFS
    Data directory: C:\Documents and Settings\Disassembler\Application Data\Simply Super Software\Trojan Remover\
    Database directory: G:\Security\Muita\Trojan Remover\
    Logfile directory: C:\Documents and Settings\Disassembler\Omat tiedostot\Simply Super Software\Trojan Remover Logfiles\
    Program directory: G:\Security\Muita\Trojan Remover\
    Running with Administrator privileges

    ************************************************************
    The following Anti-Malware program(s) are loaded:
    Nortons Anti-Virus

    ************************************************************


    ************************************************************
    16:10:05: Scanning ----------WIN.INI-----------
    WIN.INI found in C:\WINDOWS

    ************************************************************
    16:10:05: Scanning --------SYSTEM.INI---------
    SYSTEM.INI found in C:\WINDOWS

    ************************************************************
    16:10:05: ----- SCANNING FOR ROOTKIT SERVICES -----
    No hidden Services were detected.

    ************************************************************
    16:10:06: Scanning -----WINDOWS REGISTRY-----
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    This key's "Shell" value calls the following program(s):
    File: Explorer.exe
    C:\WINDOWS\Explorer.exe
    1034240 bytes
    Created: 9.4.2008
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------
    This key's "Userinit" value calls the following program(s):
    File: C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\userinit.exe
    26112 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------
    This key's "System" value appears to be blank
    ----------
    This key's "UIHost" value calls the following program:
    File: logonui.exe
    C:\WINDOWS\system32\logonui.exe
    515072 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value Name: load
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value Name: NvCplDaemon
    Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    C:\WINDOWS\system32\NvCpl.dll
    13574144 bytes
    Created: 5.12.2007
    Modified: 17.9.2008
    Company: NVIDIA Corporation
    --------------------
    Value Name: NvMediaCenter
    Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    C:\WINDOWS\system32\NvMcTray.dll
    86016 bytes
    Created: 5.12.2007
    Modified: 17.9.2008
    Company: NVIDIA Corporation
    --------------------
    Value Name: ccApp
    Value Data: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    84640 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    --------------------
    Value Name: osCheck
    Value Data: "G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe"
    G:\Security\Isot ohjelmat\Norton Antivirus\osCheck.exe
    26248 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    --------------------
    Value Name: Symantec PIF AlertEng
    Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    583048 bytes
    Created: 29.1.2008
    Modified: 29.1.2008
    Company: Symantec Corporation
    --------------------
    Value Name: RivaTuner
    Value Data: "G:\RivaTuner v2.20\RivaTuner.exe" /T
    G:\RivaTuner v2.20\RivaTuner.exe
    2727936 bytes
    Created: 19.11.2008
    Modified: 19.11.2008
    Company:
    --------------------
    Value Name: TrojanScanner
    Value Data: G:\Security\Muita\Trojan Remover\Trjscan.exe /boot
    G:\Security\Muita\Trojan Remover\Trjscan.exe
    1233800 bytes
    Created: 12.12.2008
    Modified: 8.11.2008
    Company: Simply Super Software
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value Name: CTFMON.EXE
    Value Data: C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    15360 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    --------------------
    Value Name: MsnMsgr
    Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    5724184 bytes
    Created: 18.10.2007
    Modified: 18.10.2007
    Company: Microsoft Corporation
    --------------------
    Value Name: Yodm3D
    Value Data: C:\Program Files\yodm3D\Yodm3D.exe
    C:\Program Files\yodm3D\Yodm3D.exe
    2343936 bytes
    Created: 27.10.2008
    Modified: 21.4.2007
    Company: Christian SALMON
    --------------------
    Value Name: PeerGuardian
    Value Data: G:\Security\Muita\PeerGuardian2\pg2.exe
    G:\Security\Muita\PeerGuardian2\pg2.exe
    1382400 bytes
    Created: 9.12.2008
    Modified: 18.9.2005
    Company: Methlabs
    --------------------
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    This Registry Key appears to be empty

    ************************************************************
    16:10:10: Scanning -----SHELLEXECUTEHOOKS-----
    ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
    File: shell32.dll - this file is expected and has been left in place
    ----------

    ************************************************************
    16:10:10: Scanning -----HIDDEN REGISTRY ENTRIES-----
    Taskdir check completed
    ----------
    No Hidden File-loading Registry Entries found
    ----------

    ************************************************************
    16:10:10: Scanning -----ACTIVE SCREENSAVER-----
    No active ScreenSaver found to scan.

    ************************************************************
    16:10:10: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

    ************************************************************
    16:10:10: Scanning ----- SERVICEDLL REGISTRY KEYS -----
    Key: 6to4
    Path: %SystemRoot%\System32\6to4svc.dll
    C:\WINDOWS\System32\6to4svc.dll
    100352 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    --------------------
    Key: AppMgmt
    %SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
    --------------------
    Key: BITS
    Path: %systemroot%\system32\qmgr.dll
    C:\WINDOWS\system32\qmgr.dll
    409088 bytes
    Created: 9.4.2008
    Modified: 14.4.2008
    Company: Microsoft Corporation
    --------------------
    Key: HidServ
    %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
    --------------------
    Key: NwSapAgent
    Path: %SystemRoot%\System32\ipxsap.dll
    C:\WINDOWS\System32\ipxsap.dll
    66560 bytes
    Created: 16.9.2002
    Modified: 16.9.2002
    Company: Microsoft Corporation
    --------------------

    ************************************************************
    16:10:12: Scanning ----- SERVICES REGISTRY KEYS -----
    Key: Adobe LM Service
    ImagePath: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    72704 bytes
    Created: 9.4.2008
    Modified: 9.4.2008
    Company: Adobe Systems
    ----------
    Key: AmdK7
    ImagePath: System32\DRIVERS\amdk7.sys
    C:\WINDOWS\System32\DRIVERS\amdk7.sys
    41728 bytes
    Created: 9.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------
    Key: Autodesk Licensing Service
    ImagePath: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    85096 bytes
    Created: 6.9.2008
    Modified: 6.9.2008
    Company: Autodesk
    ----------
    Key: Automatic LiveUpdate Scheduler
    ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    198336 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: catchme
    ImagePath: \??\C:\DOCUME~1\DISASS~1\LOCALS~1\Temp\catchme.sys - this file is globally excluded
    ----------
    Key: ccEvtMgr
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    105632 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: ccSetMgr
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    105632 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: CLTNetCnService
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    105632 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: cmuda
    ImagePath: system32\drivers\cmuda.sys
    C:\WINDOWS\system32\drivers\cmuda.sys
    1368000 bytes
    Created: 15.12.2005
    Modified: 15.12.2005
    Company: C-Media Inc
    ----------
    Key: eeCtrl
    ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    371248 bytes
    Created: 9.12.2008
    Modified: 20.11.2008
    Company: Symantec Corporation
    ----------
    Key: EraserUtilRebootDrv
    ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    99376 bytes
    Created: 10.12.2008
    Modified: 20.11.2008
    Company: Symantec Corporation
    ----------
    Key: hwdatacard
    ImagePath: system32\DRIVERS\ewusbmdm.sys
    C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [file not found to scan]
    ----------
    Key: IDriverT
    ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    69632 bytes
    Created: 3.4.2005
    Modified: 3.4.2005
    Company: Macrovision Corporation
    ----------
    Key: ImapiService
    ImagePath: %systemroot%\system32\imapi.exe
    C:\WINDOWS\system32\imapi.exe
    150528 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------
    Key: ISPwdSvc
    ImagePath: "G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe"
    G:\Security\Isot ohjelmat\Norton Antivirus\isPwdSvc.exe
    79496 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: JavaQuickStarterService
    ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
    C:\Program Files\Java\jre6\bin\jqs.exe
    152984 bytes
    Created: 25.11.2008
    Modified: 25.11.2008
    Company: Sun Microsystems, Inc.
    ----------
    Key: LiveUpdate
    ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    2528960 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: LiveUpdate Notice Ex
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    105632 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: LiveUpdate Notice Service
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    583048 bytes
    Created: 29.1.2008
    Modified: 29.1.2008
    Company: Symantec Corporation
    ----------
    Key: msvsmon90
    ImagePath: "G:\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90
    G:\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
    3004416 bytes
    Created: 7.11.2007
    Modified: 7.11.2007
    Company: Microsoft Corporation
    ----------
    Key: NAVENG
    ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVENG.SYS
    C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVENG.SYS
    89104 bytes
    Created: 12.12.2008
    Modified: 20.11.2008
    Company: Symantec Corporation
    ----------
    Key: NAVEX15
    ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVEX15.SYS
    C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081211.048\NAVEX15.SYS
    876112 bytes
    Created: 12.12.2008
    Modified: 20.11.2008
    Company: Symantec Corporation
    ----------
    Key: NwlnkIpx
    ImagePath: System32\DRIVERS\nwlnkipx.sys
    C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys
    88320 bytes
    Created: 16.9.2002
    Modified: 13.4.2008
    Company: Microsoft Corporation
    ----------
    Key: NwlnkNb
    ImagePath: System32\DRIVERS\nwlnknb.sys
    C:\WINDOWS\System32\DRIVERS\nwlnknb.sys
    63232 bytes
    Created: 16.9.2002
    Modified: 16.9.2002
    Company: Microsoft Corporation
    ----------
    Key: NwlnkSpx
    ImagePath: System32\DRIVERS\nwlnkspx.sys
    C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys
    55936 bytes
    Created: 16.9.2002
    Modified: 16.9.2002
    Company: Microsoft Corporation
    ----------
    Key: PnkBstrA
    ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    66872 bytes
    Created: 3.11.2008
    Modified: 3.11.2008
    Company:
    ----------
    Key: RivaTuner32
    ImagePath: \??\G:\RivaTuner v2.20\RivaTuner32.sys
    G:\RivaTuner v2.20\RivaTuner32.sys
    9088 bytes
    Created: 19.11.2008
    Modified: 19.11.2008
    Company:
    ----------
    Key: SmcService
    ImagePath: G:\Security\Firewalls\Sygate Personal Firewall\smc.exe
    G:\Security\Firewalls\Sygate Personal Firewall\smc.exe [file not found to scan]
    ----------
    Key: SPBBCDrv
    ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    406672 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: sptd
    ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
    ----------
    Key: SRTSP
    ImagePath: System32\Drivers\SRTSP.SYS
    C:\WINDOWS\System32\Drivers\SRTSP.SYS
    279088 bytes
    Created: 30.11.2007
    Modified: 30.11.2007
    Company: Symantec Corporation
    ----------
    Key: SRTSPL
    ImagePath: System32\Drivers\SRTSPL.SYS
    C:\WINDOWS\System32\Drivers\SRTSPL.SYS
    317616 bytes
    Created: 30.11.2007
    Modified: 30.11.2007
    Company: Symantec Corporation
    ----------
    Key: SRTSPX
    ImagePath: System32\Drivers\SRTSPX.SYS
    C:\WINDOWS\System32\Drivers\SRTSPX.SYS
    43696 bytes
    Created: 30.11.2007
    Modified: 30.11.2007
    Company: Symantec Corporation
    ----------
    Key: SwPrv
    ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{F5D74478-F400-433B-BBB4-E5DC5C085FCC}
    C:\WINDOWS\System32\dllhost.exe
    5120 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------
    Key: Symantec Core LC
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    1251720 bytes
    Created: 9.12.2008
    Modified: 10.12.2008
    Company:
    ----------
    Key: SymAppCore
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    46736 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: SYMDNS
    ImagePath: \SystemRoot\System32\Drivers\SYMDNS.SYS
    C:\WINDOWS\System32\Drivers\SYMDNS.SYS
    12848 bytes
    Created: 3.10.2008
    Modified: 3.10.2008
    Company: Symantec Corporation
    ----------
    Key: SymEvent
    ImagePath: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    123952 bytes
    Created: 9.12.2008
    Modified: 10.12.2008
    Company: Symantec Corporation
    ----------
    Key: SYMFW
    ImagePath: \SystemRoot\System32\Drivers\SYMFW.SYS
    C:\WINDOWS\System32\Drivers\SYMFW.SYS
    146096 bytes
    Created: 3.10.2008
    Modified: 3.10.2008
    Company: Symantec Corporation
    ----------
    Key: SYMIDS
    ImagePath: \SystemRoot\System32\Drivers\SYMIDS.SYS
    C:\WINDOWS\System32\Drivers\SYMIDS.SYS
    39984 bytes
    Created: 3.10.2008
    Modified: 3.10.2008
    Company: Symantec Corporation
    ----------
    Key: SYMIDSCO
    ImagePath: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081210.002\SymIDSCo.sys
    C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081210.002\SymIDSCo.sys
    250224 bytes
    Created: 10.12.2008
    Modified: 5.12.2008
    Company: Symantec Corporation
    ----------
    Key: SYMNDIS
    ImagePath: \SystemRoot\System32\Drivers\SYMNDIS.SYS
    C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
    35120 bytes
    Created: 3.10.2008
    Modified: 3.10.2008
    Company: Symantec Corporation
    ----------
    Key: SYMREDRV
    ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
    C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    27696 bytes
    Created: 3.10.2008
    Modified: 3.10.2008
    Company: Symantec Corporation
    ----------
    Key: SYMTDI
    ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
    C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    187952 bytes
    Created: 3.10.2008
    Modified: 3.10.2008
    Company: Symantec Corporation
    ----------
    Key: Tcpip6
    ImagePath: System32\DRIVERS\tcpip6.sys
    C:\WINDOWS\System32\DRIVERS\tcpip6.sys
    225856 bytes
    Created: 16.9.2002
    Modified: 20.6.2008
    Company: Microsoft Corporation
    ----------
    Key: Teefer
    ImagePath: SYSTEM32\Drivers\Teefer.sys
    C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys [file not found to scan]
    ----------
    Key: UnlockerDriver5
    ImagePath: \??\G:\Security\Muita\Unlocker\UnlockerDriver5.sys
    G:\Security\Muita\Unlocker\UnlockerDriver5.sys
    4096 bytes
    Created: 2.5.2008
    Modified: 2.5.2008
    Company:
    ----------
    Key: usnjsvc
    ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    98328 bytes
    Created: 18.10.2007
    Modified: 18.10.2007
    Company: Microsoft Corporation
    ----------
    Key: wg3n
    ImagePath: \SystemRoot\SYSTEM32\Drivers\wg3n.sys
    C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [file not found to scan]
    ----------
    Key: wg4n
    ImagePath: \SystemRoot\SYSTEM32\Drivers\wg4n.sys
    C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [file not found to scan]
    ----------
    Key: wg5n
    ImagePath: \SystemRoot\SYSTEM32\Drivers\wg5n.sys
    C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [file not found to scan]
    ----------
    Key: wg6n
    ImagePath: \SystemRoot\SYSTEM32\Drivers\wg6n.sys
    C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [file not found to scan]
    ----------
    Key: WLSetupSvc
    ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
    C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    266240 bytes
    Created: 25.10.2007
    Modified: 25.10.2007
    Company: Microsoft Corporation
    ----------
    Key: wpsdrvnt
    ImagePath: \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    C:\WINDOWS\system32\drivers\wpsdrvnt.sys [file not found to scan]
    ----------

    ************************************************************
    16:10:20: Scanning -----VXD ENTRIES-----
    Checking the following VxD entries:
    C:\WINDOWS\system32\JAVASUP.VXD
    7315 bytes
    Created: 9.4.2008
    Modified: 28.2.2003
    Company:
    VxD Key = JAVASUP
    ----------
    ----------

    ************************************************************
    16:10:20: Scanning ----- WINLOGON\NOTIFY DLLS -----

    ************************************************************
    16:10:21: Scanning ----- CONTEXTMENUHANDLERS -----
    Key: Autodesk.DWF.ContextMenu
    CLSID: {6C18531F-CA85-45F7-8278-FF33CF0A5964}
    Path: C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll
    C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll
    2915896 bytes
    Created: 9.11.2006
    Modified: 9.11.2006
    Company: Autodesk, Inc.
    ----------
    Key: PowerISO
    CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
    File: [CLSID does not appear to reference a file]
    ----------
    Key: ShellExtension
    CLSID: [empty]
    ----------
    Key: Symantec.Norton.Antivirus.IEContextMenu
    CLSID: {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
    Path: G:\Security\ISOTOH~1\NORTON~1\NavShExt.dll
    G:\Security\ISOTOH~1\NORTON~1\NavShExt.dll
    173728 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    ----------
    Key: Trojan Remover
    CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
    Path: G:\Security\Muita\TROJAN~1\Trshlex.dll
    G:\Security\Muita\TROJAN~1\Trshlex.dll
    467552 bytes
    Created: 12.12.2008
    Modified: 5.2.2007
    Company: Simply Super Software
    ----------
    Key: WinRAR
    CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    Path: G:\WinRaR\rarext.dll
    G:\WinRaR\rarext.dll
    129024 bytes
    Created: 9.4.2008
    Modified: 20.9.2007
    Company:
    ----------
    Key: WS_FTP
    CLSID: {797F3885-5429-11D4-8823-0050DA59922B}
    Path: G:\Ipswitch WS_FTP Professional\wsftpsi.dll
    G:\Ipswitch WS_FTP Professional\wsftpsi.dll
    245760 bytes
    Created: 9.4.2008
    Modified: 22.6.2006
    Company: Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421
    ----------

    ************************************************************
    16:10:21: Scanning ----- FOLDER\COLUMNHANDLERS -----
    Key: {8A0BC933-7552-42E2-A228-3BE055777227}
    File: C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
    C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
    103016 bytes
    Created: 12.2.2007
    Modified: 12.2.2007
    Company: Autodesk
    ----------

    ************************************************************
    16:10:21: Scanning ----- BROWSER HELPER OBJECTS -----
    No Browser Helper Objects found to scan

    ************************************************************
    16:10:21: Scanning ----- SHELLSERVICEOBJECTS -----
    Key: SysTray
    CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
    Path: %systemroot%\system32\stobject.dll
    C:\WINDOWS\system32\stobject.dll
    121856 bytes
    Created: 16.9.2002
    Modified: 14.4.2008
    Company: Microsoft Corporation
    ----------

    ************************************************************
    16:10:21: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

    ************************************************************
    16:10:22: Scanning ----- IMAGEFILE DEBUGGERS -----
    No "Debugger" entries found.

    ************************************************************
    16:10:22: Scanning ----- APPINIT_DLLS -----
    The AppInit_DLLs value is blank or does not exist

    ************************************************************
    16:10:23: Scanning ----- SECURITY PROVIDER DLLS -----

    ************************************************************
    16:10:23: Scanning ------ COMMON STARTUP GROUP ------
    [C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys]
    The Common Startup Group attempts to load the following file(s) at boot time:
    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini
    -HS- 84 bytes
    Created: 9.4.2008
    Modified: 9.4.2008
    Company:
    --------------------

    ************************************************************
    No User Startup Groups were located to check

    ************************************************************
    16:10:24: Scanning ----- SCHEDULED TASKS -----
    Taskname: Norton AntiVirus - Run Full System Scan - Disassembler.job
    File: G:\Security\ISOTOH~1\NORTON~1\Navw32.exe
    G:\Security\ISOTOH~1\NORTON~1\Navw32.exe
    214688 bytes
    Created: 9.12.2008
    Modified: 9.12.2008
    Company: Symantec Corporation
    Parameters: /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
    Next Run Time: 13.12.2008 3:00:00
    Status: Tehtävää ei ole vielä suoritettu
    Creator: Disassembler
    Comments: This is a schedule scan task from Norton AntiVirus.
    ----------
    Taskname: RegClean Scheduled Scan.job
    File: G:\RegClean\RegClean.exe
    Parameters: scheduled
    Next Run Time: 13.12.2008 3:30:00
    Status: Tehtävää ei ole vielä suoritettu
    Creator: Disassembler
    Comments: Runs RegClean to optimize your registry.
    G:\RegClean\RegClean.exe [file not found to scan]
    ----------

    ************************************************************
    16:10:24: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
    Key: AutoCAD Digital Signatures Icon Overlay Handler
    CLSID: {36A21736-36C2-4C11-8ACB-D4136F2B57BD}
    File: C:\WINDOWS\system32\AcSignIcon.dll
    C:\WINDOWS\system32\AcSignIcon.dll
    44648 bytes
    Created: 12.2.2007
    Modified: 12.2.2007
    Company: Autodesk, Inc.
    ----------

    ************************************************************
    16:10:24: ----- ADDITIONAL CHECKS -----
    PE386 rootkit checks completed
    ----------
    Winlogon registry rootkit checks completed
    ----------
    Heuristic checks for hidden files/drivers completed
    ----------
    Layered Service Provider entries checks completed
    ----------
    ==============================
    Restrictive Windows Explorer Policies found in force on this computer:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    Value: NoSMHelp
    All Policy Values listed have been removed
    ==============================
    Windows Explorer Policies checks completed
    ----------
    Desktop Wallpaper: C:\Program Files\yodm3D\desktopwallpaper0.bmp
    C:\Program Files\yodm3D\desktopwallpaper0.bmp
    5760054 bytes
    Created: 27.10.2008
    Modified: 22.10.2008
    Company:
    ----------
    Web Desktop Wallpaper: %ProgramFiles%\yodm3D\desktopwallpaper0.bmp
    C:\Program Files\yodm3D\desktopwallpaper0.bmp
    5760054 bytes
    Created: 27.10.2008
    Modified: 22.10.2008
    Company:
    ----------
    Additional checks completed

    ************************************************************
    16:10:50: Scanning ----- RUNNING PROCESSES -----

    C:\WINDOWS\System32\smss.exe
    --------------------
    C:\WINDOWS\system32\csrss.exe
    --------------------
    C:\WINDOWS\system32\winlogon.exe
    --------------------
    C:\WINDOWS\system32\services.exe
    --------------------
    C:\WINDOWS\system32\lsass.exe
    --------------------
    C:\WINDOWS\system32\svchost.exe
    --------------------
    C:\WINDOWS\system32\svchost.exe - file already scanned
    --------------------
    C:\WINDOWS\System32\svchost.exe - file already scanned
    --------------------
    C:\WINDOWS\System32\svchost.exe - file already scanned
    --------------------
    C:\WINDOWS\system32\svchost.exe - file already scanned
    --------------------
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - file already scanned
    --------------------
    C:\WINDOWS\Explorer.EXE - file already scanned
    --------------------
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe - file already scanned
    --------------------
    C:\WINDOWS\system32\spoolsv.exe
    --------------------
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - file already scanned
    --------------------
    C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
    --------------------
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    --------------------
    C:\WINDOWS\system32\nvsvc32.exe
    --------------------
    C:\WINDOWS\system32\PnkBstrA.exe - file already scanned
    --------------------
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    --------------------
    C:\WINDOWS\system32\wdfmgr.exe
    --------------------
    C:\WINDOWS\System32\alg.exe
    --------------------
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe - file already scanned
    --------------------
    G:\RivaTuner v2.20\RivaTuner.exe - file already scanned
    --------------------
    C:\WINDOWS\system32\ctfmon.exe - file already scanned
    --------------------
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe - file already scanned
    --------------------
    C:\Program Files\yodm3D\Yodm3D.exe - file already scanned
    --------------------
    G:\Security\Muita\PeerGuardian2\pg2.exe - file already scanned
    --------------------
    C:\Program Files\Windows Live\Messenger\usnsvc.exe - file already scanned
    --------------------
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe - file already scanned
    --------------------
    G:\DC++\DCPlusPlus.exe
    --------------------
    G:\Mozilla Firefox\firefox.exe
    --------------------
    C:\Program Files\Windows Live\Mail\wlmail.exe
    --------------------
    C:\Documents and Settings\Disassembler\Application Data\Simply Super Software\Trojan Remover\eqsC9.exe
    FileSize: 2888568
    [This is a Trojan Remover component]
    --------------------
    --------------------

    ************************************************************
    16:10:55: Checking AUTOEXEC.BAT file
    AUTOEXEC.BAT found in C:\
    No malicious entries were found in the AUTOEXEC.BAT file

    ************************************************************
    16:10:55: Checking AUTOEXEC.NT file
    AUTOEXEC.NT found in C:\WINDOWS\system32
    No malicious entries were found in the AUTOEXEC.NT file

    ************************************************************
    16:10:55: Checking HOSTS file
    No malicious entries were found in the HOSTS file

    ************************************************************
    ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
    HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
    %SystemRoot%\system32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
    http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fi
    HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
    C:\WINDOWS\system32\blank.htm
    HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    ************************************************************
    === CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
    Scan completed at: 16:10:55 12 joulu 2008
    Total Scan time: 00:00:49
    ************************************************************
     
  6. Hujo

    Hujo Guest

    Now just remove these from the computer:
    SDFix
    Combofix
    C:\Bases
    C:\Kaspersky

    Type this in the Run box:

    Combofix /u

    and press Enter.

    Download OTMoveIt and save it to your desktop.

    Double-click OTMoveIt.exe.
    Click CleanUp!.
    Choose Yes when asked "Begin cleanup Process?".
    If you are asked whether the computer may be restarted, choose Yes. OTMoveIt removes itself when it is finished; if it does not, delete it yourself.

    NOTE: If your firewall or some other security program warns that OTMoveIt is trying to access the Internet, let it through.

    =======

    Let's wait for new bogeymen to show up on the computer :D


     
  7. CNiba

    CNiba Member

    Joined:
    09.12.2008
    Messages:
    14
    Thanks:
    0
    Points:
    11
    Thanks for the help. And now it's just off to the bogeyman hunt...
     
