kone hidas?.. (Hjt-loki)

Logfile of HijackThis v1.99.1
Scan saved at 22:39:31, on 6.8.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\{B02F80B4-05DA-1035-0519-050311130166}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\program files\softwin\bitdefender9\bdmcon.exe
C:\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {66D0151A-3F3F-4C06-8187-4B5D866AD2CF} - C:\WINDOWS\System32\vtstu.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [c681aa87.exe] C:\WINDOWS\System32\c681aa87.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\program files\softwin\bitdefender9\bdswitch.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [c681aa87.exe] C:\Documents and Settings\Tunppi\Local Settings\Application Data\c681aa87.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154825077921
O20 - Winlogon Notify: vtstu - C:\WINDOWS\System32\vtstu.dll
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

Poista lisää/poista sovellus työkalulla:
[bold]ToolBar888[/bold]

Käynnistä hjt, klikkaa do a system scan only, merkkaa:
[bold]O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [c681aa87.exe] C:\WINDOWS\System32\c681aa87.exe
O4 - HKCU\..\Run: [c681aa87.exe] C:\Documents and Settings\Tunppi\Local Settings\Application Data\c681aa87.exe
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
[/bold]
Sulje muut ikkunat ja klikkaa fix checked.

Poista, jos löytyy (tarvittaessa vikasietotilassa):
C:\Program Files\ToolBar888
C:\WINDOWS\System32\[bold]c681aa87.exe[/bold]
C:\Documents and Settings\Tunppi\Local Settings\Application Data\[bold]c681aa87.exe[/bold]
[bold]winrnt32.dll[/bold] (Etsi tätä Windowsin etsintätyökalun avulla)


Lataa VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) työpöydällesi.


* Tupla-klikkaa VundoFix.exe ajaaksesi sen.
* Rastita boksi Run VundoFix as a task.
* Saat viestin joka sanoo "Vundofix will close and re-open in a minute or less". Klikkaa OK.
* Kun Vundofix uudelleenaukeaa, klikkaa Scan for Vundo valintaa.
* Kun skannaus on valmis, oikea-klikkaa kyseisen listaboksin sisällä (valkoinen laatikko jossa on löydetyt tiedostot listattu) ja valitse Add more files
* Kopioi ja liitä seuraavat 2 riviä kahteen ylimmäiseen boksiin

o C:\WINDOWS\system32\vtstu.dll
o C:\WINDOWS\system32\utstv.*

* Klikkaa Add Files ja sitten klikkaa Close Window.

* Klikkaa Remove Vundo valintaa.
* Saat viestin jossa kysytään haluatko poistaa valitut tiedostot, klikkaa YES.
* Kun klikkaat yes, työpöytäsi tyhjenee kun työkalu alkaa poistamaan Vundoa.
* Kun valmis, saat viestin jossa pyydetään sammuttamaan tietokone, klikkaa OK.
* Käynnistä koneesi uudelleen.
* Postita C:\vundofix.txt lokin sisältö tuoreen HijackThis lokin kera.

 

Logfile of HijackThis v1.99.1
Scan saved at 19:55:58, on 7.8.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\{B02F80B4-05DA-1035-0519-050311130166}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\System32\msiexec.exe
c:\windows\system32\VundoFix.exe
C:\HijackThis_v1.99.1.exe

O2 - BHO: (no name) - {66D0151A-3F3F-4C06-8187-4B5D866AD2CF} - C:\WINDOWS\System32\vtstu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\program files\softwin\bitdefender9\bdswitch.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154825077921
O20 - Winlogon Notify: vtstu - C:\WINDOWS\System32\vtstu.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


VundoFix V5.1.7

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.6

Scan started at 19:55:03 7.8.2006

Listing files found while scanning....

No infected files were found.

 

1. Lataa combofix.exe tiedosto työpöydällesi (http://download.bleepingcomputer.com/sUBs/combofix.exe).
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

Start Time= ma 07.08.2006 21:16:29,20
Running from: C:\Program Files\Mozilla Firefox

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-07 21:10:58 ( .D... ) "C:\Documents and Settings\Tunppi\Application Data\Skype"
2006-08-07 21:10:12 ( .D... ) "C:\Program Files\Skype"
2006-08-07 19:54:48 77312 ( A.... ) "C:\WINDOWS\system32\VundoFix.exe"
2006-08-07 19:50:02 ( .D... ) "C:\Program Files\Java"
2006-08-07 19:45:02 ( .D... ) "C:\Program Files\Common Files\Java"
2006-08-07 00:22:26 ( .D... ) "C:\Program Files\ToniArts"
2006-08-07 00:21:28 ( .D... ) "C:\Program Files\ffdshow"
2006-08-06 23:38:44 4264187 ( A.... ) "C:\FFdshow-20060803-rev2546.exe"
2006-08-06 22:40:24 2951802 ( A.... ) "C:\easycleaner_v2.0.6.380.exe"
2006-08-06 22:38:02 218112 ( A.... ) "C:\HijackThis_v1.99.1.exe"
2006-08-06 14:51:50 ( .D... ) "C:\Documents and Settings\Tunppi\Application Data\Publish Providers"
2006-08-06 14:51:50 ( .D... ) "C:\Documents and Settings\Tunppi\Application Data\NetMedia Providers"
2006-08-06 14:24:06 461 ( A.... ) "C:\Program Files\INSTALL.LOG"
2006-08-06 14:12:46 ( .D... ) "C:\Program Files\X-Setup Pro"
2006-08-06 14:00:30 6144 ( A.... ) "C:\WINDOWS\easys32.dll"
2006-08-06 13:29:14 ( .D... ) "C:\Documents and Settings\Tunppi\Application Data\Adobe"
2006-08-06 13:28:20 ( .D... ) "C:\Program Files\Common Files\Adobe"
2006-08-06 13:24:54 ( .D... ) "C:\Program Files\VIA"
2006-08-06 13:21:42 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-08-06 13:21:42 ( .D... ) "C:\Program Files\C-Media 3D Audio"
2006-08-06 13:20:36 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-08-06 05:59:50 ( .D... ) "C:\Program Files\ExploreAnywhere"
2006-08-06 05:54:12 ( .D... ) "C:\Program Files\Softwin"
2006-08-06 05:53:24 ( .D... ) "C:\Program Files\Common Files\Softwin"
2006-08-06 05:39:28 ( .D... ) "C:\Program Files\DC++"
2006-08-06 05:04:18 ( .D... ) "C:\Documents and Settings\Tunppi\Application Data\Mozilla"
2006-08-06 05:04:16 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-08-06 04:13:54 ( .D... ) "C:\Documents and Settings\Tunppi\Application Data\uTorrent"
2006-08-06 04:13:52 ( .D... ) "C:\Program Files\uTorrent"
2006-08-06 04:11:30 ( .D... ) "C:\Program Files\WinRAR"
2006-08-06 04:04:40 47564 ( A.SHR ) "C:\NTDETECT.COM"
2006-08-06 03:40:34 573492 ( ..SH. ) "C:\WINDOWS\system32\vtstu.dll"
2006-08-06 03:22:48 ( .D... ) "C:\Program Files\Common Files\{B02F80B4-05DA-1035-0519-050311130166}"
2006-08-06 03:22:44 40973 ( ..SH. ) "C:\WINDOWS\system32\cbxyyyv.dll"
2006-08-05 20:19:46 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-08-05 20:19:44 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-08-05 20:19:42 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-08-05 20:19:42 ( .D... ) "C:\Program Files\Common Files"
2006-08-05 20:19:16 62 ( A.SH. ) "C:\Documents and Settings\Tunppi\Application Data\desktop.ini"
2006-08-05 20:18:38 ( .D... ) "C:\Program Files\Winamp"
2006-08-05 20:17:52 ( .D... ) "C:\Program Files\Common Files\Symantec Shared"
2006-08-05 20:13:46 ( .D... ) "C:\Program Files\DAEMON Tools"
2006-08-05 20:11:42 ( .D... ) "C:\Documents and Settings\Tunppi\Application Data\Identities"
2006-08-05 20:11:38 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-08-05 20:11:24 ( .DS.. ) "C:\Documents and Settings\Tunppi\Application Data\Microsoft"
2006-08-05 19:36:04 ( .D... ) "C:\Program Files\xerox"
2006-08-05 19:36:04 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-08-05 19:35:34 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-08-05 19:32:54 ( .D... ) "C:\Program Files\Common Files\Services"
2006-08-05 19:32:46 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-08-05 19:32:38 ( .D... ) "C:\Program Files\Movie Maker"
2006-08-05 19:32:30 ( .D... ) "C:\Program Files\NetMeeting"
2006-08-05 19:32:28 ( .D... ) "C:\Program Files\Outlook Express"
2006-08-05 19:32:20 ( .D... ) "C:\Program Files\Common Files\System"
2006-08-05 19:32:18 ( .D... ) "C:\Program Files\Internet Explorer"
2006-08-05 19:31:34 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-08-05 19:31:20 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-08-05 19:31:20 ( .D... ) "C:\Program Files\Online Services"
2006-08-05 19:31:18 ( .D... ) "C:\Program Files\Windows Media Player"
2006-08-05 19:31:12 ( .D... ) "C:\Program Files\Messenger"
2006-08-05 19:31:06 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-08-05 19:30:22 ( .D... ) "C:\Program Files\Windows NT"
2006-05-19 16:24:54 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 16:24:54 110592 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 16:24:54 95744 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-16 23:23:56 28672 ( ..... ) "C:\WINDOWS\system32\vxblock.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-07 19:53 49ÿ250 C:\WINDOWS\system32\javaw.exe
2006-08-07 19:53 49ÿ248 C:\WINDOWS\system32\java.exe
2006-08-07 19:53 127ÿ078 C:\WINDOWS\system32\javaws.exe
2006-08-07 19:15 77ÿ312 C:\WINDOWS\system32\VundoFix.exe
2006-08-06 23:35 4ÿ264ÿ187 C:\FFdshow-20060803-rev2546.exe
2006-08-06 22:38 218ÿ112 C:\HijackThis_v1.99.1.exe
2006-08-06 22:38 2ÿ951ÿ802 C:\easycleaner_v2.0.6.380.exe
2006-08-06 14:00 6ÿ144 C:\WINDOWS\easys32.dll
2006-08-06 13:24 712ÿ704 C:\WINDOWS\system32\Audio3D.dll
2006-08-06 13:24 712ÿ704 C:\WINDOWS\system32\a3d.dll
2006-08-06 13:24 32ÿ768 C:\WINDOWS\system32\udaprop.dll
2006-08-06 13:24 28ÿ672 C:\WINDOWS\system32\cmirmdrv.dll
2006-08-06 13:24 233ÿ472 C:\WINDOWS\system32\cmirmdrv.exe
2006-08-06 13:24 163ÿ840 C:\WINDOWS\system32\cmuda.dll
2006-08-06 13:23 4ÿ096 C:\WINDOWS\system32\ksuser.dll
2006-08-06 13:21 28ÿ672 C:\WINDOWS\CMIRmDriver.dll
2006-08-06 13:21 266ÿ240 C:\WINDOWS\CMIUninstall.exe
2006-08-06 13:21 225ÿ280 C:\WINDOWS\CmiRmRedundDir.exe
2006-08-06 13:17 306ÿ688 C:\WINDOWS\IsUninst.exe
2006-08-06 05:17 46ÿ352 C:\WINDOWS\setdebug.exe
2006-08-06 05:17 139ÿ536 C:\WINDOWS\system32\javaee.dll
2006-08-06 05:17 113 C:\WINDOWS\system32\zonedon.reg
2006-08-06 05:17 113 C:\WINDOWS\system32\zonedoff.reg
2006-08-06 05:03 127ÿ208 C:\WINDOWS\system32\mucltui.dll
2006-08-06 04:11 9ÿ728 C:\WINDOWS\system32\comsdupd.exe
2006-08-06 04:11 896ÿ512 C:\WINDOWS\system32\wmspdmoe.dll
2006-08-06 04:11 88ÿ064 C:\WINDOWS\system32\p2pnetsh.dll
2006-08-06 04:11 870ÿ784 C:\WINDOWS\system32\ati3d1ag.dll
2006-08-06 04:11 86ÿ016 C:\WINDOWS\system32\p2pgasvc.dll
2006-08-06 04:11 86ÿ016 C:\WINDOWS\system32\mdmxsdk.dll
2006-08-06 04:11 81ÿ920 C:\WINDOWS\system32\ieencode.dll
2006-08-06 04:11 81ÿ408 C:\WINDOWS\system32\wscsvc.dll
2006-08-06 04:11 8ÿ192 C:\WINDOWS\system32\smbinst.exe
2006-08-06 04:11 755ÿ200 C:\WINDOWS\system32\ir50_32.dll
2006-08-06 04:11 75ÿ776 C:\WINDOWS\system32\strmfilt.dll
2006-08-06 04:11 73ÿ832 C:\WINDOWS\system32\slcoinst.dll
2006-08-06 04:11 73ÿ796 C:\WINDOWS\system32\slserv.exe
2006-08-06 04:11 71ÿ680 C:\WINDOWS\system32\blastcln.exe
2006-08-06 04:11 7ÿ680 C:\WINDOWS\system32\kbdsmsno.dll
2006-08-06 04:11 7ÿ680 C:\WINDOWS\system32\kbdsmsfi.dll
2006-08-06 04:11 7ÿ168 C:\WINDOWS\system32\kbdukx.dll
2006-08-06 04:11 7ÿ168 C:\WINDOWS\system32\kbdno1.dll
2006-08-06 04:11 7ÿ168 C:\WINDOWS\system32\kbdfi1.dll
2006-08-06 04:11 60ÿ416 C:\WINDOWS\system32\fwcfg.dll
2006-08-06 04:11 6ÿ656 C:\WINDOWS\system32\kbdinmal.dll
2006-08-06 04:11 6ÿ656 C:\WINDOWS\system32\kbdinben.dll
2006-08-06 04:11 6ÿ144 C:\WINDOWS\system32\kbdmlt48.dll
2006-08-06 04:11 6ÿ144 C:\WINDOWS\system32\kbdmlt47.dll
2006-08-06 04:11 6ÿ144 C:\WINDOWS\system32\kbdinbe1.dll
2006-08-06 04:11 526ÿ848 C:\WINDOWS\system32\p2psvc.dll
2006-08-06 04:11 52ÿ224 C:\WINDOWS\system32\mspmsnsv.dll
2006-08-06 04:11 516ÿ768 C:\WINDOWS\system32\ativvaxx.dll
2006-08-06 04:11 50ÿ688 C:\WINDOWS\system32\btpanui.dll
2006-08-06 04:11 50ÿ176 C:\WINDOWS\system32\xmlprovi.dll
2006-08-06 04:11 5ÿ632 C:\WINDOWS\system32\kbdmaori.dll
2006-08-06 04:11 49ÿ152 C:\WINDOWS\system32\powercfg.exe
2006-08-06 04:11 484ÿ864 C:\WINDOWS\system32\wmspdmod.dll
2006-08-06 04:11 48ÿ640 C:\WINDOWS\system32\pnrpnsp.dll
2006-08-06 04:11 44ÿ032 C:\WINDOWS\system32\twext.dll
2006-08-06 04:11 4ÿ274ÿ816 C:\WINDOWS\system32\nv4_disp.dll
2006-08-06 04:11 397ÿ056 C:\WINDOWS\system32\s3gnb.dll
2006-08-06 04:11 384ÿ512 C:\WINDOWS\system32\mp4sdmod.dll
2006-08-06 04:11 377ÿ984 C:\WINDOWS\system32\ati2dvaa.dll
2006-08-06 04:11 338ÿ432 C:\WINDOWS\system32\ir41_qcx.dll
2006-08-06 04:11 32ÿ866 C:\WINDOWS\system32\slrundll.exe
2006-08-06 04:11 32ÿ866 C:\WINDOWS\slrundll.exe
2006-08-06 04:11 32ÿ768 C:\WINDOWS\system32\ativtmxx.dll
2006-08-06 04:11 32ÿ285 C:\WINDOWS\system32\hsfcisp2.dll
2006-08-06 04:11 312ÿ320 C:\WINDOWS\system32\p2pgraph.dll
2006-08-06 04:11 310ÿ272 C:\WINDOWS\system32\mp43dmod.dll
2006-08-06 04:11 30ÿ208 C:\WINDOWS\system32\bthserv.dll
2006-08-06 04:11 29ÿ184 C:\WINDOWS\system32\sdhcinst.dll
2006-08-06 04:11 286ÿ792 C:\WINDOWS\system32\slextspk.dll
2006-08-06 04:11 24ÿ576 C:\WINDOWS\system32\httpapi.dll
2006-08-06 04:11 233ÿ472 C:\WINDOWS\system32\wmpdxm.dll
2006-08-06 04:11 229ÿ376 C:\WINDOWS\system32\ati2cqag.dll
2006-08-06 04:11 22ÿ528 C:\WINDOWS\system32\fltmc.exe
2006-08-06 04:11 201ÿ728 C:\WINDOWS\system32\ati2dvag.dll
2006-08-06 04:11 200ÿ192 C:\WINDOWS\system32\ir50_qc.dll
2006-08-06 04:11 20ÿ992 C:\WINDOWS\system32\bthci.dll
2006-08-06 04:11 2ÿ921ÿ984 C:\WINDOWS\system32\xpsp2res.dll
2006-08-06 04:11 2ÿ113ÿ536 C:\WINDOWS\system32\dxdiagn.dll
2006-08-06 04:11 193ÿ024 C:\WINDOWS\system32\fsquirt.exe
2006-08-06 04:11 188ÿ508 C:\WINDOWS\system32\slgen.dll
2006-08-06 04:11 183ÿ808 C:\WINDOWS\system32\ir50_qcx.dll
2006-08-06 04:11 171ÿ520 C:\WINDOWS\system32\wmerror.dll
2006-08-06 04:11 17ÿ408 C:\WINDOWS\system32\winshfhc.dll
2006-08-06 04:11 16ÿ896 C:\WINDOWS\system32\fltlib.dll
2006-08-06 04:11 151ÿ552 C:\WINDOWS\system32\wmidx.dll
2006-08-06 04:11 15ÿ872 C:\WINDOWS\system32\w3ssl.dll
2006-08-06 04:11 14ÿ336 C:\WINDOWS\system32\auditusr.exe
2006-08-06 04:11 13ÿ824 C:\WINDOWS\system32\wscntfy.exe
2006-08-06 04:11 13ÿ824 C:\WINDOWS\system32\cmsetacl.dll
2006-08-06 04:11 129ÿ536 C:\WINDOWS\system32\xmlprov.dll
2006-08-06 04:11 120ÿ320 C:\WINDOWS\system32\ir41_qc.dll
2006-08-06 04:11 118ÿ784 C:\WINDOWS\system32\msdadiag.dll
2006-08-06 04:11 116ÿ224 C:\WINDOWS\system32\p2p.dll
2006-08-06 04:11 114ÿ688 C:\WINDOWS\system32\wmpasf.dll
2006-08-06 04:11 108ÿ032 C:\WINDOWS\system32\wshbth.dll
2006-08-06 04:11 1ÿ888ÿ992 C:\WINDOWS\system32\ati3duag.dll
2006-08-06 04:11 1ÿ737ÿ856 C:\WINDOWS\system32\mtxparhd.dll
2006-08-06 04:11 1ÿ689ÿ088 C:\WINDOWS\system32\d3d9.dll
2006-08-06 04:11 1ÿ119ÿ744 C:\WINDOWS\system32\wmsdmoe2.dll
2006-08-06 04:11 1ÿ001ÿ472 C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-06 03:40 573ÿ492 C:\WINDOWS\system32\vtstu.dll
2006-08-06 03:22 40ÿ973 C:\WINDOWS\system32\cbxyyyv.dll
2006-08-06 03:17 118ÿ784 C:\WINDOWS\system32\msstdfmt.dll
2006-08-05 22:13 402ÿ653ÿ184 C:\pagefile.sys
2006-08-05 20:51 382ÿ464 C:\WINDOWS\system32\qmgr.dll
2006-08-05 20:50 22ÿ752 C:\WINDOWS\system32\spupdsvc.exe
2006-08-05 20:44 8ÿ192 C:\WINDOWS\system32\bitsprx2.dll
2006-08-05 20:44 7ÿ168 C:\WINDOWS\system32\bitsprx3.dll
2006-08-05 20:44 351ÿ232 C:\WINDOWS\system32\winhttp.dll
2006-08-05 20:44 18ÿ944 C:\WINDOWS\system32\qmgrprxy.dll
2006-08-05 20:35 465ÿ176 C:\WINDOWS\system32\wuapi.dll
2006-08-05 20:35 41ÿ240 C:\WINDOWS\system32\wups.dll
2006-08-05 20:35 194ÿ840 C:\WINDOWS\system32\wuaueng1.dll
2006-08-05 20:35 173ÿ848 C:\WINDOWS\system32\wuauclt1.exe
2006-08-05 20:35 173ÿ536 C:\WINDOWS\system32\wuweb.dll
2006-08-05 20:35 127ÿ256 C:\WINDOWS\system32\wucltui.dll
2006-08-05 20:21 74ÿ240 C:\WINDOWS\system32\usbui.dll
2006-08-05 20:19 85ÿ020 C:\WINDOWS\system32\dgsetup.dll
2006-08-05 20:19 8ÿ704 C:\WINDOWS\system32\batt.dll
2006-08-05 20:19 8ÿ192 C:\WINDOWS\system32\kbdhept.dll
2006-08-05 20:19 74ÿ240 C:\WINDOWS\system32\storprop.dll
2006-08-05 20:19 7ÿ168 C:\WINDOWS\system32\kbdcz.dll
2006-08-05 20:19 69ÿ632 C:\WINDOWS\notepad.exe
2006-08-05 20:19 6ÿ656 C:\WINDOWS\system32\kbdycl.dll
2006-08-05 20:19 6ÿ656 C:\WINDOWS\system32\kbdsl1.dll
2006-08-05 20:19 6ÿ656 C:\WINDOWS\system32\kbdsl.dll
2006-08-05 20:19 6ÿ656 C:\WINDOWS\system32\kbdpl.dll
2006-08-05 20:19 6ÿ656 C:\WINDOWS\system32\kbdhu.dll
2006-08-05 20:19 6ÿ656 C:\WINDOWS\system32\kbdhela3.dll
2006-08-05 20:19 6ÿ656 C:\WINDOWS\system32\kbdcz2.dll
2006-08-05 20:19 6ÿ656 C:\WINDOWS\system32\kbdcz1.dll
2006-08-05 20:19 6ÿ656 C:\WINDOWS\system32\kbdcr.dll
2006-08-05 20:19 6ÿ656 C:\WINDOWS\system32\KBDAL.DLL
2006-08-05 20:19 6ÿ144 C:\WINDOWS\system32\kbdtuq.dll
2006-08-05 20:19 6ÿ144 C:\WINDOWS\system32\kbdtuf.dll
2006-08-05 20:19 6ÿ144 C:\WINDOWS\system32\kbdlv1.dll
2006-08-05 20:19 6ÿ144 C:\WINDOWS\system32\kbdlv.dll
2006-08-05 20:19 6ÿ144 C:\WINDOWS\system32\kbdhela2.dll
2006-08-05 20:19 6ÿ144 C:\WINDOWS\system32\kbdgkl.dll
2006-08-05 20:19 6ÿ144 C:\WINDOWS\system32\kbdest.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdycc.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbduzb.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdur.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdtat.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdru1.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdru.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdro.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdpl1.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdmon.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdlt1.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdlt.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdkyr.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdkaz.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdhu1.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdhe319.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdhe220.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdhe.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdbu.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdblr.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdazel.dll
2006-08-05 20:19 5ÿ632 C:\WINDOWS\system32\kbdaze.dll
2006-08-05 20:19 24ÿ661 C:\WINDOWS\system32\spxcoins.dll
2006-08-05 20:19 176ÿ157 C:\WINDOWS\system32\dgrpsetu.dll
2006-08-05 20:19 15ÿ360 C:\WINDOWS\TASKMAN.EXE
2006-08-05 20:19 13ÿ312 C:\WINDOWS\system32\irclass.dll
2006-08-05 20:19 103ÿ424 C:\WINDOWS\system32\EqnClass.Dll
2006-08-05 20:18 466ÿ944 C:\WINDOWS\system32\capicom.dll
2006-08-05 20:18 28ÿ672 C:\WINDOWS\system32\vxblock.dll
2006-08-05 19:35 112ÿ128 C:\WINDOWS\system32\mapi32.dll
2006-08-05 19:35 0 C:\MSDOS.SYS
2006-08-05 19:35 0 C:\IO.SYS
2006-08-05 19:35 0 C:\CONFIG.SYS
2006-08-05 19:35 0 C:\AUTOEXEC.BAT
2006-08-05 19:33 45ÿ568 C:\WINDOWS\system32\safrslv.dll
2006-08-05 19:33 43ÿ520 C:\WINDOWS\system32\safrcdlg.dll
2006-08-05 19:33 43ÿ520 C:\WINDOWS\system32\racpldlg.dll
2006-08-05 19:33 29ÿ696 C:\WINDOWS\system32\safrdm.dll
2006-08-05 19:33 11ÿ264 C:\WINDOWS\system32\atrace.dll
2006-08-05 19:32 86ÿ016 C:\WINDOWS\system32\isign32.dll
2006-08-05 19:32 81ÿ920 C:\WINDOWS\system32\ils.dll
2006-08-05 19:32 73ÿ728 C:\WINDOWS\system32\icwdial.dll
2006-08-05 19:32 69ÿ632 C:\WINDOWS\system32\msconf.dll
2006-08-05 19:32 679ÿ424 C:\WINDOWS\system32\inetcomm.dll
2006-08-05 19:32 67ÿ584 C:\WINDOWS\system32\srclient.dll
2006-08-05 19:32 65ÿ536 C:\WINDOWS\system32\icwphbk.dll
2006-08-05 19:32 64ÿ512 C:\WINDOWS\system32\acctres.dll
2006-08-05 19:32 48ÿ640 C:\WINDOWS\system32\inetres.dll
2006-08-05 19:32 34ÿ560 C:\WINDOWS\system32\mnmdd.dll
2006-08-05 19:32 32ÿ768 C:\WINDOWS\system32\mnmsrvc.exe
2006-08-05 19:32 32ÿ768 C:\WINDOWS\system32\isrdbg32.dll
2006-08-05 19:32 28ÿ672 C:\WINDOWS\system32\nmmkcert.dll
2006-08-05 19:32 278ÿ528 C:\WINDOWS\system32\inetcfg.dll
2006-08-05 19:32 276ÿ480 C:\WINDOWS\system32\mstask.dll
2006-08-05 19:32 252ÿ928 C:\WINDOWS\system32\msoeacct.dll
2006-08-05 19:32 240ÿ640 C:\WINDOWS\system32\srrstr.dll
2006-08-05 19:32 190ÿ976 C:\WINDOWS\system32\schedsvc.dll
2006-08-05 19:32 170ÿ496 C:\WINDOWS\system32\srsvc.dll
2006-08-05 19:32 16ÿ384 C:\WINDOWS\system32\icfgnt5.dll
2006-08-05 19:32 12ÿ288 C:\WINDOWS\system32\nmevtmsg.dll
2006-08-05 19:32 12ÿ288 C:\WINDOWS\system32\mstinit.exe
2006-08-05 19:32 105ÿ984 C:\WINDOWS\system32\msoert2.dll
2006-08-05 19:31 5ÿ632 C:\WINDOWS\system32\write.exe
2006-08-05 19:30 97ÿ792 C:\WINDOWS\system32\comrepl.dll
2006-08-05 19:30 956ÿ416 C:\WINDOWS\system32\msdtctm.dll
2006-08-05 19:30 93ÿ696 C:\WINDOWS\system32\tscfgwmi.dll
2006-08-05 19:30 91ÿ136 C:\WINDOWS\system32\mtxoci.dll
2006-08-05 19:30 9ÿ728 C:\WINDOWS\system32\reset.exe
2006-08-05 19:30 87ÿ176 C:\WINDOWS\system32\rdpwsx.dll
2006-08-05 19:30 85ÿ504 C:\WINDOWS\system32\catsrvps.dll
2006-08-05 19:30 80ÿ896 C:\WINDOWS\system32\charmap.exe
2006-08-05 19:30 73ÿ216 C:\WINDOWS\system32\avwav.dll
2006-08-05 19:30 67ÿ072 C:\WINDOWS\system32\rdshost.exe
2006-08-05 19:30 655ÿ360 C:\WINDOWS\system32\mstscax.dll
2006-08-05 19:30 625ÿ152 C:\WINDOWS\system32\catsrvut.dll
2006-08-05 19:30 62ÿ464 C:\WINDOWS\system32\rdpclip.exe
2006-08-05 19:30 605ÿ696 C:\WINDOWS\system32\getuname.dll
2006-08-05 19:30 60ÿ416 C:\WINDOWS\system32\remotepg.dll
2006-08-05 19:30 60ÿ416 C:\WINDOWS\system32\colbact.dll
2006-08-05 19:30 6ÿ656 C:\WINDOWS\system32\wuauserv.dll
2006-08-05 19:30 6ÿ144 C:\WINDOWS\system32\msdtc.exe
2006-08-05 19:30 58ÿ880 C:\WINDOWS\system32\msdtclog.dll
2006-08-05 19:30 58ÿ880 C:\WINDOWS\system32\licwmi.dll
2006-08-05 19:30 56ÿ832 C:\WINDOWS\system32\sol.exe
2006-08-05 19:30 56ÿ320 C:\WINDOWS\system32\servdeps.dll
2006-08-05 19:30 55ÿ296 C:\WINDOWS\system32\freecell.exe
2006-08-05 19:30 540ÿ160 C:\WINDOWS\system32\comuid.dll
2006-08-05 19:30 54ÿ272 C:\WINDOWS\system32\stclient.dll
2006-08-05 19:30 538ÿ624 C:\WINDOWS\system32\spider.exe
2006-08-05 19:30 5ÿ120 C:\WINDOWS\system32\dcomcnfg.exe
2006-08-05 19:30 498ÿ688 C:\WINDOWS\system32\clbcatq.dll
2006-08-05 19:30 44ÿ544 C:\WINDOWS\system32\tscupgrd.exe
2006-08-05 19:30 44ÿ544 C:\WINDOWS\system32\hticons.dll
2006-08-05 19:30 426ÿ496 C:\WINDOWS\system32\msdtcprx.dll
2006-08-05 19:30 404ÿ992 C:\WINDOWS\system32\mstsc.exe
2006-08-05 19:30 4ÿ096 C:\WINDOWS\system32\rdpcfgex.dll
2006-08-05 19:30 4ÿ096 C:\WINDOWS\system32\mtxex.dll
2006-08-05 19:30 39ÿ424 C:\WINDOWS\system32\cfgbkend.dll
2006-08-05 19:30 350ÿ208 C:\WINDOWS\system32\hypertrm.dll
2006-08-05 19:30 35ÿ328 C:\WINDOWS\system32\winchat.exe
2006-08-05 19:30 344ÿ064 C:\WINDOWS\system32\mspaint.exe
2006-08-05 19:30 33ÿ792 C:\WINDOWS\system32\regini.exe
2006-08-05 19:30 295ÿ424 C:\WINDOWS\system32\termsrv.dll
2006-08-05 19:30 25ÿ600 C:\WINDOWS\system32\comaddin.dll
2006-08-05 19:30 25ÿ088 C:\WINDOWS\system32\mtxlegih.dll
2006-08-05 19:30 227ÿ840 C:\WINDOWS\system32\avtapi.dll
2006-08-05 19:30 225ÿ792 C:\WINDOWS\system32\catsrv.dll
2006-08-05 19:30 22ÿ016 C:\WINDOWS\system32\qwinsta.exe
2006-08-05 19:30 21ÿ504 C:\WINDOWS\system32\msg.exe
2006-08-05 19:30 20ÿ480 C:\WINDOWS\system32\qprocess.exe
2006-08-05 19:30 20ÿ480 C:\WINDOWS\system32\mtxdm.dll
2006-08-05 19:30 19ÿ968 C:\WINDOWS\system32\rdpsnd.dll
2006-08-05 19:30 186ÿ368 C:\WINDOWS\system32\accwiz.exe
2006-08-05 19:30 185ÿ344 C:\WINDOWS\system32\cmprops.dll
2006-08-05 19:30 17ÿ408 C:\WINDOWS\system32\tsshutdn.exe
2006-08-05 19:30 17ÿ408 C:\WINDOWS\system32\mmfutil.dll
2006-08-05 19:30 161ÿ280 C:\WINDOWS\system32\msdtcuiu.dll
2006-08-05 19:30 16ÿ896 C:\WINDOWS\system32\qappsrv.exe
2006-08-05 19:30 16ÿ384 C:\WINDOWS\system32\tskill.exe
2006-08-05 19:30 16ÿ384 C:\WINDOWS\system32\avmeter.dll
2006-08-05 19:30 15ÿ872 C:\WINDOWS\system32\rwinsta.exe
2006-08-05 19:30 15ÿ872 C:\WINDOWS\system32\cdmodem.dll
2006-08-05 19:30 15ÿ360 C:\WINDOWS\system32\tscon.exe
2006-08-05 19:30 15ÿ360 C:\WINDOWS\system32\logoff.exe
2006-08-05 19:30 147ÿ968 C:\WINDOWS\system32\rdchost.dll
2006-08-05 19:30 147ÿ456 C:\WINDOWS\system32\comsnap.dll
2006-08-05 19:30 140ÿ800 C:\WINDOWS\system32\sessmgr.exe
2006-08-05 19:30 14ÿ848 C:\WINDOWS\system32\tsdiscon.exe
2006-08-05 19:30 14ÿ848 C:\WINDOWS\system32\shadow.exe
2006-08-05 19:30 138ÿ752 C:\WINDOWS\system32\sndvol32.exe
2006-08-05 19:30 131ÿ584 C:\WINDOWS\system32\sndrec32.exe
2006-08-05 19:30 13ÿ824 C:\WINDOWS\system32\rdsaddin.exe
2006-08-05 19:30 126ÿ976 C:\WINDOWS\system32\mshearts.exe
2006-08-05 19:30 124ÿ696 C:\WINDOWS\system32\wuauclt.exe
2006-08-05 19:30 123ÿ392 C:\WINDOWS\system32\mplay32.exe
2006-08-05 19:30 119ÿ808 C:\WINDOWS\system32\winmine.exe
2006-08-05 19:30 114ÿ688 C:\WINDOWS\system32\calc.exe
2006-08-05 19:30 110ÿ080 C:\WINDOWS\system32\clbcatex.dll
2006-08-05 19:30 11ÿ776 C:\WINDOWS\system32\xolehlp.dll
2006-08-05 19:30 11ÿ264 C:\WINDOWS\system32\icaapi.dll
2006-08-05 19:30 102ÿ400 C:\WINDOWS\system32\clipbrd.exe
2006-08-05 19:30 1ÿ343ÿ768 C:\WINDOWS\system32\wuaueng.dll
2006-08-05 19:30 1ÿ267ÿ200 C:\WINDOWS\system32\comsvcs.dll
2006-08-05 19:30 1ÿ161 C:\WINDOWS\system32\usrlogon.cmd


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdmcon.exe\""
"BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
"BDNewsAgent"="\"c:\\program files\\softwin\\bitdefender9\\bdnagent.exe\""
"BDSwitchAgent"="\"c:\\program files\\softwin\\bitdefender9\\bdswitch.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"µTorrent"="\"C:\\Program Files\\uTorrent\\uTorrent.exe\""
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{B02F80B4-05DA-1035-0519-050311130166}"="\"C:\\Program Files\\Common Files\\{B02F80B4-05DA-1035-0519-050311130166}\\Update.exe\" mc-110-12-0000272"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableTaskMgr REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder

Completion time: ma 07.08.2006 21:17:27,95
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

 

Ajoitko tuon Vundofixin kokonaan ohjeiden mukaisesti loppuun asti? Näyttäisi siltä, ettet ajanut. Tee vielä kerran Vundofixistä antamieni ohjeiden mukaan. Lähetä Vundofixin loki hjt:n kanssa seuraavassa postissa (tee kuitenkin myös alla olevat vaiheet).


Vundon lisäksi koneella on siivottavaa rekisteristä.


Ota ensin rekisteristä näin varmuuskopio:

Suorita -> regedit -> ok. Sitten Tiedosto -> Vie. Kirjoita sille joku nimi ja sitten Tallenna(ja laita muistiin, mihin tallensit sen).

Sitten tallenna tämä alla oleva tekstinpätkä ([bold]muista jättää yksi tyhjä rivi viimeisen tekstirivin jälkeen[/bold]) nimellä fix.reg vaikka muistiossa ja vaikka työpöydälle (tallennusmuoto kaikki tiedostot)
[bold]Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{B02F80B4-05DA-1035-0519-050311130166}"=-

[-HKEY_LOCAL_MACHINE\software\classes\CLSID\{B02F80B4-05DA-1035-0519-050311130166}][/bold]


Tuplaklikkaa ja paina kyllä ja ok. Käynnistä kone uudelleen.

Poista:
C:\Program Files\Common Files\[bold]{B02F80B4-05DA-1035-0519-050311130166}\[/bold]

 

kyllä ajoin vundon kokonaan ja kopitin myös luoda tuon tiedoston, ehkä vähän huonolla menestyksellä??? loin tiedoston fix.reg, ja kun avaan sen niin se kusyy että haluanko lisätä kohteessa ....fix.reg olevat tiedot rekisteriin. painan kyllä ja se ilmoittaa että...

"ei voi tuoda tiedostoa ....työpöytä\fix.reg: tiedosto ei ole rekisterin komentojono. Vain binaarisia rekisteritiedostoja voi tuoda rekisterieditorin sisällä."

painoin ok ja käynnistin koneen uudelleen???

koitin poistaa tuon {B02F80B4-05DA-1035-0519-050311130166} mutta se antoi että...
"Ei voi poistaa services: lähdetiedosta tai -levyltä ei voi lukea."

tai sitten joku meni pieleen???

vundon ajoin taas uudestaan ja antoi samat tiedot kuin edellä...
(taidan asentaa kohta linuxin takaisin)

 

Kokeillaas josko combofix auttaa Vundon poistossa.

1. Lataa combofix.exe tiedosto (http://download.bleepingcomputer.com/sUBs/combofix.exe) työpöydällesi.
2. Käynnistä-valikko -> Suorita -> kopioi seuraava kenttään ja paina Enter:
[bold]"%userprofile%\desktop\combofix.exe" /v vtstu[/bold]

3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
4.Käynnistä tietokoneesi uudelleen
5.Lähetä tuore HijackThis loki viestiketjuusi Combofix lokin kera.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

Laita myös tuon fix.reg tiedoston sisältö kokonaisuudessaan. Huomasithan lyödä yhden rivinvaihdon tuonne tiedoston loppuun?