
At least 14 viruses on my son's computer (according to Ewido)

Thread in the "Viruses and malware - HijackThis logs" section. Started by many68 on 10.08.2007.

  1. many68

    What all can be removed from here, and what else needs to be done to clean the computer?
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:25:58, on 10.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\java\JavaIFX\services.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\IIS\svchost.exe
    C:\WINDOWS\system32\IIS\scvhost.exe
    C:\WINDOWS\System32\inetsrv\temp\services.exe
    C:\WINDOWS\System32\inetsrv\temp\QuickSet.exe
    c:\Windows\system32\Dap\mssvchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\net.exe
    C:\WINDOWS\system32\net1.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\system32\LVComsX.exe
    D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - D:\WINDOW~1\PCINTO~1\WEBBLI~1\webblinds.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\ctnotify.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [UltraMon] "D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Aureon 5.1 Fun Mixer] C:\WINDOWS\system32\Aureon 5.1 Fun Mixer.exe /minimize
    O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Gold Codec\isamonitor.exe
    O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\Gold Codec\pmsngr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: cnxUnins.bat
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: JavaIFX - Unknown owner - C:\WINDOWS\java\JavaIFX\services.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: Microsoft Security Center - Unknown owner - C:\WINDOWS\system32\IIS\svchost.exe
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: QuickSettings - Unknown owner - C:\WINDOWS\System32\inetsrv\temp\services.exe
    O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
    O23 - Service: FireDaemon Service: smss (smss) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe

    --
    End of file - 11604 bytes
     
  3. Auttaja


    Hi.. the computer is really badly infected.. so let's clean it up :)

    ========
    Download SmitfraudFix (by S!Ri) to your desktop.

    Double-click the file SmitfraudFix.exe

    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of this text file in your thread.

    **If the tool does not start from the desktop, move SmitfraudFix.exe directly to the root of the system drive (usually C:). Then try starting the program again from there.

    Note: some anti-virus programs (AntiVir, Dr.Web, Kaspersky) detect the process.exe file as a "hack tool"; it is not a virus but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.
    http://www.beyondlogic.org/consulting/processutil/processutil.htm

    ========

    Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop.

    Boot your computer into safe mode and choose your normal user account:

    * Start the computer
    * When you hear the computer beep, press F8, but before the Windows logo appears
    * A menu should appear next
    * Select safe mode from the menu.


    * Create a folder C:\SDFix for the program and move it there
    * Open the SDFix folder and double-click the file RunThis.bat to start the program.
    * Press Y to start the script.
    * The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    * Press any key and the computer will restart.
    * Startup takes longer than normal because SDFix is cleaning the computer.
    * When the computer has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
    * Then press any key to close the script and load the shortcuts onto the desktop.
    * Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread

    This too in safe mode

    When in safe mode, double-click the file SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and pressing "Enter" to remove the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop wallpaper and clean the infected registry keys.

    The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it does not, restart into normal Windows.
    A text file appears after the cleaning process; copy & paste the results of this report into your reply.
    The report is on your local disk, usually at C:\rapport.txt.


    ========
    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    =======

    so: Smit's 1 & 2 reports, Combo's and SDFix's reports = 4 reports.. if some step doesn't work, move on or just ask :)
     
    Last edited by a moderator: 10.08.2007
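The helper's assessment rests on entries in the HijackThis log from the first post that reuse Windows system process names from the wrong folders. The following is an added example, not part of the thread or of any tool named in it: it parses the "Running processes" and O23 service lines and flags executables that use a core system process name outside its expected directory, or a near-miss of one. The `EXPECTED_DIR` table, the `LOOKALIKE_RATIO` threshold and all function names are assumptions of this example.

```python
import ntpath
from difflib import SequenceMatcher

# Assumption of this example: where a few core Windows XP processes live.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}
LOOKALIKE_RATIO = 0.88  # hypothetical threshold; tune against known-good hosts

# Sample input: a subset of lines taken from the HijackThis log in the first post.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\java\JavaIFX\services.exe
C:\WINDOWS\system32\IIS\svchost.exe
C:\WINDOWS\system32\IIS\scvhost.exe
C:\WINDOWS\System32\inetsrv\temp\services.exe
c:\Windows\system32\Dap\mssvchost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Microsoft Security Center - Unknown owner - C:\WINDOWS\system32\IIS\svchost.exe
O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
"""


def extract_paths(log_text):
    """Yield (source, path) for running processes and O23 service entries."""
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False  # a blank line ends the process list
        elif in_processes:
            yield "process", line
        elif line.startswith("O23 - Service: "):
            # Layout: O23 - Service: <name> - <owner> - <path>[ (file missing)]
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, _owner, path = parts
                yield "service " + name, path.replace(" (file missing)", "")


def classify(path):
    """Return a reason if the path looks like a masqueraded system binary."""
    # normpath also collapses the doubled backslash HijackThis prints for some services
    folder, name = ntpath.split(ntpath.normpath(path).lower())
    if name in EXPECTED_DIR:
        if folder != EXPECTED_DIR[name]:
            return "system process name outside " + EXPECTED_DIR[name]
        return None
    for known in EXPECTED_DIR:
        if SequenceMatcher(None, name, known).ratio() >= LOOKALIKE_RATIO:
            return "lookalike of " + known
    return None


def suspicious_entries(log_text):
    """Return sorted, de-duplicated (path, reason, sources) findings."""
    findings = {}
    for source, path in extract_paths(log_text):
        reason = classify(path)
        if reason:
            key = ntpath.normpath(path).lower()
            findings.setdefault(key, (reason, []))[1].append(source)
    return [(p, r, s) for p, (r, s) in sorted(findings.items())]


if __name__ == "__main__":
    for path, reason, sources in suspicious_entries(SAMPLE_LOG):
        print(f"{path}\n    {reason}; seen as: {', '.join(sources)}")
```

A hit is a lead for review against a known-good baseline, not proof of infection; in this thread the SDFix report confirms removal only of the services pointing at `Dap\mssvchost.exe`.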
  4. many68

    It took a while since there was apparently congestion or something on the site here, but here are these 4 reports. (In the first one to be run in safe mode there was some trouble with Symantec's files, or so the program reported. That antivirus program has been in use but isn't any more...)
    SmitFraudFix v2.210

    Scan done at 16:12:17,98, pe 10.08.2007
    Run from D:\Documents and Settings\Koti\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\java\JavaIFX\services.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\IIS\svchost.exe
    C:\WINDOWS\system32\IIS\scvhost.exe
    C:\WINDOWS\System32\inetsrv\temp\services.exe
    C:\WINDOWS\System32\inetsrv\temp\QuickSet.exe
    c:\Windows\system32\Dap\mssvchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\net.exe
    C:\WINDOWS\system32\net1.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComsX.exe
    D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» D:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Koti


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Koti\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Koti\Suosikit

    D:\DOCUME~1\Koti\Suosikit\Online Security Test.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="wbsys.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""
    "Startup"="MCPSystemStartup"


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Paketinajoituksen miniportti
    DNS Server Search Order: 10.0.0.2

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{89FCE17D-03C3-4E9C-8F5F-E57D832DA7EB}: DhcpNameServer=10.0.0.2
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{89FCE17D-03C3-4E9C-8F5F-E57D832DA7EB}: DhcpNameServer=10.0.0.2
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{89FCE17D-03C3-4E9C-8F5F-E57D832DA7EB}: DhcpNameServer=10.0.0.2
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End






    SDFix: Version 1.97

    Run by Koti on pe 10.08.2007 at 16:25

    Microsoft Windows XP [versio 5.1.2600]

    Running From: C:\SDFix\SDFix

    Safe Mode:
    Checking Services:

    Name:
    Secure
    SMSS

    ImagePath:
    c:\Windows\system32\Dap\\mssvchost.exe -s
    c:\Windows\system32\Dap\\mssvchost.exe -s

    Secure - Deleted
    SMSS - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File





    SmitFraudFix v2.210

    Scan done at 17:15:48,56, pe 10.08.2007
    Run from D:\Documents and Settings\Koti\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    D:\DOCUME~1\Koti\Suosikit\Online Security Test.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{89FCE17D-03C3-4E9C-8F5F-E57D832DA7EB}: DhcpNameServer=10.0.0.2
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{89FCE17D-03C3-4E9C-8F5F-E57D832DA7EB}: DhcpNameServer=10.0.0.2
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{89FCE17D-03C3-4E9C-8F5F-E57D832DA7EB}: DhcpNameServer=10.0.0.2
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""
    "Startup"="MCPSystemStartup"


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End





    ComboFix 07-08-09.3 - "Koti" 2007-08-10 17:23:02.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.358.1035.18.562 [GMT 3:00]
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\wanpacket.dll
    C:\WINDOWS\system32\wpcap.dll
    D:\DOCUME~1\Koti\APPLIC~1.\macromedia\Flash Player\#SharedObjects\F9CGLWFM\www.broadcaster.com
    D:\DOCUME~1\Koti\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    D:\DOCUME~1\Koti\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_NPF


    ((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


    2007-08-10 17:22 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-10 17:05 1,327 --a------ D:\DOCUME~1\Koti\clean.reg
    2007-08-10 16:23 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-08-10 16:12 2,534 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-10 15:59 396,288 --a------ C:\Koti.exe
    2007-08-10 15:25 396,288 --a------ C:\HijackThis.exe
    2007-08-01 17:38 <KANSIO> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
    2007-07-30 20:12 <KANSIO> d-------- D:\DOCUME~1\Koti\APPLIC~1\InterTrust
    2007-07-30 20:12 <KANSIO> d-------- C:\WINDOWS\Profiles
    2007-07-30 20:11 <KANSIO> d-------- C:\WINDOWS\_ISTMP1.DIR
    2007-07-20 02:00 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
    2007-07-20 01:58 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
    2007-07-20 01:58 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-07-18 18:36 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL
    2007-07-18 18:36 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
    2007-07-18 18:36 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
    2007-07-18 18:36 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe
    2007-07-18 18:36 <KANSIO> d-------- C:\Program Files\Ubi Soft
    2007-07-15 22:37 <KANSIO> d-------- C:\WINDOWS\system32\FlashAX
    2007-07-13 12:49 491,520 --a------ C:\WINDOWS\Au51Fun.exe
    2007-07-13 12:47 <KANSIO> d-------- C:\WINDOWS\system32\VIRepair
    2007-07-13 12:24 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
    2007-07-13 12:24 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
    2007-07-13 12:24 379,726 -ra------ C:\WINDOWS\system32\drivers\cmaudio.sys
    2007-07-13 12:24 32,768 -ra------ C:\WINDOWS\system32\cmnprop.dll
    2007-07-12 04:11 <KANSIO> d--h----- C:\WINDOWS\system32\channels
    2007-07-11 21:01 <KANSIO> d-------- D:\DOCUME~1\aston\APPLIC~1\Creative


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-12-09 00:32 87040 --a------ C:\WINDOWS\system32\ra32sipr.dll
    2007-12-09 00:32 85504 --a------ C:\WINDOWS\system32\encdnet.dll
    2007-12-09 00:32 81920 --a------ C:\WINDOWS\system32\ra3214_4.dll
    2007-12-09 00:32 72704 --a------ C:\WINDOWS\system32\ra3228_8.dll
    2007-12-09 00:32 61952 --a------ C:\WINDOWS\system32\decdnet.dll
    2007-12-09 00:32 487936 --a------ C:\WINDOWS\system32\rmbe3260.dll
    2007-12-09 00:32 487424 --a------ C:\WINDOWS\system32\msvcp70.dll
    2007-12-09 00:32 352768 --a------ C:\WINDOWS\system32\pngu3263.dll
    2007-12-09 00:32 344064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2007-12-09 00:32 21504 --a------ C:\WINDOWS\system32\ra32dnet.dll
    2007-12-09 00:32 131072 --a------ C:\WINDOWS\system32\pneng50.dll
    2007-12-09 00:32 130560 --a------ C:\WINDOWS\system32\pnc3250.dll
    2007-08-10 07:55 380198 --a------ C:\WINDOWS\java\JavaIFX\JavaIFXL.dll
    2007-08-10 00:12 --------- d-------- D:\DOCUME~1\Koti\APPLIC~1\LimeWire
    2007-08-09 23:06 4 --a------ C:\WINDOWS\java\JavaIFX\JavaIFX.dll
    2007-08-03 18:15 83516 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-08-03 18:15 393762 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-08-03 13:34 --------- d-------- C:\Program Files\Common Files\HP
    2007-08-01 17:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-21 18:06 --------- d-------- C:\Program Files\VstPlugins
    2007-07-20 02:09 --------- d-------- C:\Program Files\DivX
    2007-07-16 16:23 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2007-07-13 12:47 --------- d-------- C:\Program Files\MSN Messenger
    2007-07-09 22:07 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-07-09 22:07 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-09 22:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-09 22:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-07-09 22:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-07-09 22:05 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-07-09 22:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-07-09 22:05 740442 --a------ C:\WINDOWS\system32\DivX.dll
    2007-07-09 22:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-07-09 22:05 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2007-07-09 22:05 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2007-07-09 22:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2007-07-09 22:05 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2007-07-09 22:05 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2007-07-09 22:05 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2007-07-09 22:05 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-07-09 22:05 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-07-09 22:05 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-05 14:27 --------- d-------- C:\Program Files\TopDesk
    2007-07-05 04:16 2148864 --a------ C:\WINDOWS\system32\kernel1.exe
    2007-07-05 03:22 --------- d-------- C:\Program Files\Movie Maker
    2007-07-05 03:19 6112 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2007-07-05 03:19 56300 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2007-07-05 02:38 --------- d-------- D:\DOCUME~1\Koti\APPLIC~1\ViStart
    2007-06-30 12:28 --------- d-------- C:\Program Files\Winamp
    2007-06-25 15:50 --------- d-------- D:\DOCUME~1\Koti\APPLIC~1\Vso
    2007-06-17 11:55 --------- d-------- C:\Program Files\Windows Live
    2007-06-17 11:55 --------- d-------- C:\Program Files\Messenger Plus! Live
    2007-06-14 20:56 1440967 --a------ C:\quick.exe
    2007-06-13 22:42 36108 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2007-06-13 22:42 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2007-06-13 22:29 --------- d-------- C:\Program Files\Common Files\DigiDesign
    2007-06-09 18:55 680442 --a------ C:\scan2.exe
    2007-06-09 18:49 679873 --a------ C:\toto.exe
    2007-06-09 14:13 828426 --a------ C:\Ecidma.exe
    2007-06-09 13:47 784095 --a------ C:\ash.exe
    2007-06-07 20:28 1048576 --a------ C:\WINDOWS\java\JavaIFX\security\1mb.bin
    2007-06-07 19:43 34 --a------ C:\run.bat
    2007-06-07 19:41 899419 --a------ C:\ifx.exe
    2007-06-06 00:09 4276 --a------ C:\WINDOWS\mozver.dat
    2007-06-02 01:25 87608 --a------ D:\DOCUME~1\Koti\APPLIC~1\inst.exe
    2007-06-02 01:25 47360 --a------ D:\DOCUME~1\Koti\APPLIC~1\pcouffin.sys
    2007-05-19 23:52 532480 --a------ C:\WINDOWS\system32\Minutes until Midnight-Linkin Park.scr
    2007-05-16 18:14 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:14 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:14 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:14 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:14 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-12 23:04 7853568 --a------ C:\WINDOWS\system32\logonuiX.exe
    2007-05-12 15:31 55 --ah----- C:\WINDOWS\sysreg.dat
    2006-10-25 12:09 83950 --a------ C:\WINDOWS\java\JavaIFX\JIFX.exe
    2006-10-17 07:04 22016 --a------ C:\WINDOWS\java\JavaIFX\services.exe
    2006-07-30 14:22 1875110 --a------ C:\WINDOWS\java\JavaIFX\cygwin1.dll
    2003-10-19 05:12 6656 --a------ C:\WINDOWS\java\JavaIFX\cygcrypt-0.dll
    2005-07-14 19:31:20 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    2004-07-13 01:05:58 2,282 --sha-w C:\WINDOWS\system32\Dap\Secure.bat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "1A:Stardock TrayMonitor"="C:\Program Files\Common Files\stardock\TrayServer.exe" [2003-02-14 04:57]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-21 11:25]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26]
    "Disc Detector"="C:\Program Files\Creative\ShareDLL\ctnotify.exe" []
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 C:\WINDOWS\soundman.exe]
    "UltraMon"="D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe" [2006-10-12 22:27]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 04:59]
    "TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-03-01 20:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 21:31]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 01:05]
    "LClock"="C:\Program Files\LClock\LClock.exe" []
    "Aureon 5.1 Fun Mixer"="C:\WINDOWS\system32\Aureon 5.1 Fun Mixer.exe" []

    D:\Documents and Settings\Koti\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50]
    cnxUnins.bat [2007-05-13 17:08:36]
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 01:05:02]
    Stardock ObjectDock.lnk - D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe [2007-01-13 21:33:23]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    D:\WINDOW~2\wbsrv.dll 2005-12-06 22:16 176128 D:\WINDOW~2\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone Fast Start.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Last.fm Helper.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Last.fm Helper.lnk
    backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Run Google Web Accelerator.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Run Google Web Accelerator.lnk
    backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^Thoosje Sidebar .lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\Thoosje Sidebar .lnk
    backup=C:\WINDOWS\pss\Thoosje Sidebar .lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^TransBar.lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\TransBar.lnk
    backup=C:\WINDOWS\pss\TransBar.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^Vista Search.lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\Vista Search.lnk
    backup=C:\WINDOWS\pss\Vista Search.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^Y'z Shadow.lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\Y'z Shadow.lnk
    backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    c:\apps\ABoard\ABoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    D:\Program Files\Detector\CTDetect.exe /R

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
    D:\Windows skinit\PC Into Mac ohjelmat\cursor\CursorXP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "F:\Mika\Ohjelmat jne\DAemon\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
    "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
    C:\WINDOWS\system32\ElkCtrl.exe /automation

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
    "D:\Windows skinit\PC Into Mac ohjelmat\LogonStudio\logonstudio.exe" /RANDOM

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orbit]
    D:\Windows skinit\Orbit\Orbit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "c:\Apps\Powercinema\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    D:\ISOPower\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
    C:\Program Files\ViOrb\ViOrb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
    C:\Program Files\Vista Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
    C:\Program Files\ViStart\ViStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
    C:\Program Files\VisualTooltip\VisualToolTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowFX]
    D:\WINDOW~1\PCINTO~1\WindowFX\\wfxload.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UleadBurningHelper"=2 (0x2)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=3 (0x3)
    "navapsvc"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "SAVScan"=3 (0x3)
    "rpcapd"=3 (0x3)
    "ISSVC"=2 (0x2)

    R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R2 JavaIFX;JavaIFX;C:\WINDOWS\java\JavaIFX\services.exe
    R2 Microsoft Security Center;Microsoft Security Center;C:\WINDOWS\system32\IIS\svchost.exe
    R2 Nsynas32;Nsynas32;C:\WINDOWS\system32\drivers\Nsynas32.sys
    R2 QuickSettings;QuickSettings;C:\WINDOWS\System32\inetsrv\temp\services.exe
    R2 ScFBPNT2;CanoScan FBP2 Port Driver;\??\C:\WINDOWS\system32\drivers\ScFBPNT2.SYS
    R2 UltraMonUtility;UltraMon Utility Driver;\??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
    R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
    R3 QCMerced;Logitech QuickCam Communicate;C:\WINDOWS\system32\DRIVERS\LVCM.sys
    R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S2 WindowsUpdate;FireDaemon Service: WindowsUpdate;c:\Windows\system32\Dap\\mssvchost.exe -s
    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys
    S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
    S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
    S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
    S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
    S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
    S3 nm;Verkonvalvonnan ohjain;C:\WINDOWS\system32\DRIVERS\NMnt.sys
    S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
    S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
    S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    AutoRun\command- K:\setup.exe


    Contents of the 'Scheduled Tasks' folder
    2007-08-07 09:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-10 17:30:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x2022\xd3w\2]
    "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\Registered"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:0000015a

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-10 17:33:11 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-10 17:32

    --- E O F ---
     
  5. Auttaja

    Auttaja Guest

    First, remove Messenger Plus through Add/Remove Programs in the Control Panel.


    Open Notepad and copy/paste the text in the quote box below into it:

    Save it as CFScript (check that it is spelled exactly like that)

    Then drag CFScript onto ComboFix.exe as shown below.

    [​IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    Also post a new HijackThis log so we can continue.
     
    Last edited by a moderator: 11.08.2007
  6. many68

    many68 Regular member

    Here are the next reports. (At the end of ComboFix something came up saying I should have sent a file somewhere, but I didn't send it. I guess that doesn't matter...)

    ComboFix 07-08-09.3 - "Koti" 2007-08-10 21:44:09.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.642 [GMT 3:00]
    Command switches used :: D:\Documents and Settings\Koti\Ty”p”yt„\CFScript.txt
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\java\JavaIFX\
    C:\WINDOWS\java\JavaIFX\\cygcrypt-0.dll
    C:\WINDOWS\java\JavaIFX\\cygwin1.dll
    C:\WINDOWS\java\JavaIFX\\javaifx.cntrl
    C:\WINDOWS\java\JavaIFX\\JavaIFX.dll
    C:\WINDOWS\java\JavaIFX\\JavaIFX.Status
    C:\WINDOWS\java\JavaIFX\\JavaIFX.Status~
    C:\WINDOWS\java\JavaIFX\\JavaIFXL.dll
    C:\WINDOWS\java\JavaIFX\\JIFX.exe
    C:\WINDOWS\java\JavaIFX\\security\1mb.bin
    C:\WINDOWS\java\JavaIFX\\services.exe
    C:\WINDOWS\java\JavaIFX\\services.ini
    C:\WINDOWS\java\JavaIFX\\services.log
    C:\WINDOWS\java\JavaIFX\cygcrypt-0.dll
    C:\WINDOWS\java\JavaIFX\cygwin1.dll
    C:\WINDOWS\java\JavaIFX\JIFX.exe
    C:\WINDOWS\java\JavaIFX\services.exe
    c:\Windows\system32\Dap\
    c:\Windows\system32\Dap\\cygwin1.dll
    c:\Windows\system32\Dap\\Dap
    c:\Windows\system32\Dap\\Dap.bkup
    c:\Windows\system32\Dap\\Dap.txt
    c:\Windows\system32\Dap\\Dap1
    c:\Windows\system32\Dap\\Drives.txt
    c:\Windows\system32\Dap\\FireDaemonRT.dll
    c:\Windows\system32\Dap\\libxml2.dll
    c:\Windows\system32\Dap\\mssvc.dtd
    c:\Windows\system32\Dap\\mssvchost.dll
    c:\Windows\system32\Dap\\mssvchost.exe
    c:\Windows\system32\Dap\\MSUpdate.reg
    c:\Windows\system32\Dap\\Secure.bat
    c:\Windows\system32\Dap\\Secure.xml
    c:\Windows\system32\Dap\\ServUDaemon.ini
    c:\Windows\system32\Dap\\ServUStartUpLog.txt
    c:\Windows\system32\Dap\\smss.xml
    c:\Windows\system32\Dap\\SvcAdmin.dll
    c:\Windows\system32\Dap\\tar.exe
    c:\Windows\system32\Dap\\TzoLibr.dll
    c:\Windows\system32\Dap\\WBotName.bat
    c:\Windows\system32\Dap\\WDap.bat
    c:\Windows\system32\Dap\\windows.mp3
    c:\Windows\system32\Dap\\WindowsUpdate.xml
    c:\Windows\system32\Dap\mssvchost.exe
    C:\WINDOWS\system32\Dap\Secure.bat
    C:\WINDOWS\system32\IIS\_BLOCK.WB4
    C:\WINDOWS\system32\IIS\_PersonalityVert1.WB4
    C:\WINDOWS\system32\IIS\_PersonalityVert2.WB4
    C:\WINDOWS\system32\IIS\aliases.ini
    C:\WINDOWS\system32\IIS\mirc.ini
    C:\WINDOWS\system32\IIS\moodll.mrc
    C:\WINDOWS\system32\IIS\radmin.txt
    C:\WINDOWS\system32\IIS\regedit
    C:\WINDOWS\system32\IIS\remote.ini
    C:\WINDOWS\system32\IIS\scvhost.exe
    C:\WINDOWS\system32\IIS\setup.bat
    C:\WINDOWS\system32\IIS\svchost.exe
    C:\WINDOWS\system32\IIS\svchost.ini
    C:\WINDOWS\system32\IIS\svchost.log
    C:\WINDOWS\system32\IIS\uninstall.uni
    C:\WINDOWS\System32\inetsrv\temp
    C:\WINDOWS\System32\inetsrv\temp\668gapysfx8k6.ths
    C:\WINDOWS\System32\inetsrv\temp\download\[cX].Criminal.Xing.DVDRip.KVCD.(ScottScorpion).rar
    C:\WINDOWS\System32\inetsrv\temp\download\[cX]1408.KVCD.CAM.FuZe.(fozie).rar
    C:\WINDOWS\System32\inetsrv\temp\download\[cX]Aqua.Teen.Hunger.Force.Colon.Movie.Film.For.Theaters.REPACK.RETAIL.KVCD.DVDRip.DiAMOND.(fozie).rar
    C:\WINDOWS\System32\inetsrv\temp\download\[cX]Talk.To.Me.CAM.KVCD.CAMERA.(fozie).rar
    C:\WINDOWS\System32\inetsrv\temp\ifx.dat
    C:\WINDOWS\System32\inetsrv\temp\ifx.ini
    C:\WINDOWS\System32\inetsrv\temp\mirc.ini
    C:\WINDOWS\System32\inetsrv\temp\Quick.exe
    C:\WINDOWS\System32\inetsrv\temp\remote.ini
    C:\WINDOWS\System32\inetsrv\temp\server\5meg
    C:\WINDOWS\System32\inetsrv\temp\servers.ini
    C:\WINDOWS\System32\inetsrv\temp\services.exe
    C:\WINDOWS\System32\inetsrv\temp\services.ini
    C:\WINDOWS\System32\inetsrv\temp\services.log


    ((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


    2007-08-10 17:22 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-10 17:05 1,327 --a------ D:\DOCUME~1\Koti\clean.reg
    2007-08-10 16:23 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-08-10 16:12 2,534 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-10 15:59 396,288 --a------ C:\Koti.exe
    2007-08-10 15:25 396,288 --a------ C:\HijackThis.exe
    2007-08-01 17:38 <KANSIO> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
    2007-07-30 20:12 <KANSIO> d-------- D:\DOCUME~1\Koti\APPLIC~1\InterTrust
    2007-07-30 20:12 <KANSIO> d-------- C:\WINDOWS\Profiles
    2007-07-30 20:11 <KANSIO> d-------- C:\WINDOWS\_ISTMP1.DIR
    2007-07-20 02:00 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
    2007-07-20 01:58 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
    2007-07-20 01:58 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-07-18 18:36 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL
    2007-07-18 18:36 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
    2007-07-18 18:36 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
    2007-07-18 18:36 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe
    2007-07-18 18:36 <KANSIO> d-------- C:\Program Files\Ubi Soft
    2007-07-15 22:37 <KANSIO> d-------- C:\WINDOWS\system32\FlashAX
    2007-07-13 12:49 491,520 --a------ C:\WINDOWS\Au51Fun.exe
    2007-07-13 12:47 <KANSIO> d-------- C:\WINDOWS\system32\VIRepair
    2007-07-13 12:24 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
    2007-07-13 12:24 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
    2007-07-13 12:24 379,726 -ra------ C:\WINDOWS\system32\drivers\cmaudio.sys
    2007-07-13 12:24 32,768 -ra------ C:\WINDOWS\system32\cmnprop.dll
    2007-07-12 04:11 <KANSIO> d--h----- C:\WINDOWS\system32\channels
    2007-07-11 21:01 <KANSIO> d-------- D:\DOCUME~1\aston\APPLIC~1\Creative


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-12-09 00:32 87040 --a------ C:\WINDOWS\system32\ra32sipr.dll
    2007-12-09 00:32 85504 --a------ C:\WINDOWS\system32\encdnet.dll
    2007-12-09 00:32 81920 --a------ C:\WINDOWS\system32\ra3214_4.dll
    2007-12-09 00:32 72704 --a------ C:\WINDOWS\system32\ra3228_8.dll
    2007-12-09 00:32 61952 --a------ C:\WINDOWS\system32\decdnet.dll
    2007-12-09 00:32 487936 --a------ C:\WINDOWS\system32\rmbe3260.dll
    2007-12-09 00:32 487424 --a------ C:\WINDOWS\system32\msvcp70.dll
    2007-12-09 00:32 352768 --a------ C:\WINDOWS\system32\pngu3263.dll
    2007-12-09 00:32 344064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2007-12-09 00:32 21504 --a------ C:\WINDOWS\system32\ra32dnet.dll
    2007-12-09 00:32 131072 --a------ C:\WINDOWS\system32\pneng50.dll
    2007-12-09 00:32 130560 --a------ C:\WINDOWS\system32\pnc3250.dll
    2007-08-10 00:12 --------- d-------- D:\DOCUME~1\Koti\APPLIC~1\LimeWire
    2007-08-03 18:15 83516 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-08-03 18:15 393762 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-08-03 13:34 --------- d-------- C:\Program Files\Common Files\HP
    2007-08-01 17:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-21 18:06 --------- d-------- C:\Program Files\VstPlugins
    2007-07-20 02:09 --------- d-------- C:\Program Files\DivX
    2007-07-16 16:23 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2007-07-13 12:47 --------- d-------- C:\Program Files\MSN Messenger
    2007-07-09 22:07 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-07-09 22:07 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-09 22:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-09 22:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-07-09 22:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-07-09 22:05 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-07-09 22:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-07-09 22:05 740442 --a------ C:\WINDOWS\system32\DivX.dll
    2007-07-09 22:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-07-09 22:05 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2007-07-09 22:05 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2007-07-09 22:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2007-07-09 22:05 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2007-07-09 22:05 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2007-07-09 22:05 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2007-07-09 22:05 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-07-09 22:05 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-07-09 22:05 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-05 14:27 --------- d-------- C:\Program Files\TopDesk
    2007-07-05 04:16 2148864 --a------ C:\WINDOWS\system32\kernel1.exe
    2007-07-05 03:22 --------- d-------- C:\Program Files\Movie Maker
    2007-07-05 03:19 6112 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2007-07-05 03:19 56300 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2007-07-05 02:38 --------- d-------- D:\DOCUME~1\Koti\APPLIC~1\ViStart
    2007-06-30 12:28 --------- d-------- C:\Program Files\Winamp
    2007-06-25 15:50 --------- d-------- D:\DOCUME~1\Koti\APPLIC~1\Vso
    2007-06-17 11:55 --------- d-------- C:\Program Files\Windows Live
    2007-06-17 11:55 --------- d-------- C:\Program Files\Messenger Plus! Live
    2007-06-14 20:56 1440967 --a------ C:\quick.exe
    2007-06-13 22:42 36108 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2007-06-13 22:42 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2007-06-13 22:29 --------- d-------- C:\Program Files\Common Files\DigiDesign
    2007-06-09 18:55 680442 --a------ C:\scan2.exe
    2007-06-09 18:49 679873 --a------ C:\toto.exe
    2007-06-09 14:13 828426 --a------ C:\Ecidma.exe
    2007-06-09 13:47 784095 --a------ C:\ash.exe
    2007-06-07 19:43 34 --a------ C:\run.bat
    2007-06-07 19:41 899419 --a------ C:\ifx.exe
    2007-06-06 00:09 4276 --a------ C:\WINDOWS\mozver.dat
    2007-06-02 01:25 87608 --a------ D:\DOCUME~1\Koti\APPLIC~1\inst.exe
    2007-06-02 01:25 47360 --a------ D:\DOCUME~1\Koti\APPLIC~1\pcouffin.sys
    2007-05-19 23:52 532480 --a------ C:\WINDOWS\system32\Minutes until Midnight-Linkin Park.scr
    2007-05-16 18:14 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:14 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:14 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:14 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:14 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-12 23:04 7853568 --a------ C:\WINDOWS\system32\logonuiX.exe
    2007-05-12 15:31 55 --ah----- C:\WINDOWS\sysreg.dat
    2005-07-14 19:31:20 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "1A:Stardock TrayMonitor"="C:\Program Files\Common Files\stardock\TrayServer.exe" [2003-02-14 04:57]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-21 11:25]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26]
    "Disc Detector"="C:\Program Files\Creative\ShareDLL\ctnotify.exe" []
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 C:\WINDOWS\soundman.exe]
    "UltraMon"="D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe" [2006-10-12 22:27]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 04:59]
    "TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-03-01 20:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 21:31]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 01:05]
    "LClock"="C:\Program Files\LClock\LClock.exe" []
    "Aureon 5.1 Fun Mixer"="C:\WINDOWS\system32\Aureon 5.1 Fun Mixer.exe" []

    D:\Documents and Settings\Koti\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50]
    cnxUnins.bat [2007-05-13 17:08:36]
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 01:05:02]
    Stardock ObjectDock.lnk - D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe [2007-01-13 21:33:23]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    D:\WINDOW~2\wbsrv.dll 2005-12-06 22:16 176128 D:\WINDOW~2\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone Fast Start.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Last.fm Helper.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Last.fm Helper.lnk
    backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Run Google Web Accelerator.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Run Google Web Accelerator.lnk
    backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^Thoosje Sidebar .lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\Thoosje Sidebar .lnk
    backup=C:\WINDOWS\pss\Thoosje Sidebar .lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^TransBar.lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\TransBar.lnk
    backup=C:\WINDOWS\pss\TransBar.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^Vista Search.lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\Vista Search.lnk
    backup=C:\WINDOWS\pss\Vista Search.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^Y'z Shadow.lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\Y'z Shadow.lnk
    backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    c:\apps\ABoard\ABoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    D:\Program Files\Detector\CTDetect.exe /R

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
    D:\Windows skinit\PC Into Mac ohjelmat\cursor\CursorXP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "F:\Mika\Ohjelmat jne\DAemon\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
    "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
    C:\WINDOWS\system32\ElkCtrl.exe /automation

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
    "D:\Windows skinit\PC Into Mac ohjelmat\LogonStudio\logonstudio.exe" /RANDOM

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orbit]
    D:\Windows skinit\Orbit\Orbit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "c:\Apps\Powercinema\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    D:\ISOPower\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
    C:\Program Files\ViOrb\ViOrb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
    C:\Program Files\Vista Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
    C:\Program Files\ViStart\ViStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
    C:\Program Files\VisualTooltip\VisualToolTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowFX]
    D:\WINDOW~1\PCINTO~1\WindowFX\\wfxload.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UleadBurningHelper"=2 (0x2)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=3 (0x3)
    "navapsvc"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "SAVScan"=3 (0x3)
    "rpcapd"=3 (0x3)
    "ISSVC"=2 (0x2)

    R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R2 Nsynas32;Nsynas32;C:\WINDOWS\system32\drivers\Nsynas32.sys
    R2 ScFBPNT2;CanoScan FBP2 Port Driver;\??\C:\WINDOWS\system32\drivers\ScFBPNT2.SYS
    R2 UltraMonUtility;UltraMon Utility Driver;\??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
    R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
    R3 QCMerced;Logitech QuickCam Communicate;C:\WINDOWS\system32\DRIVERS\LVCM.sys
    R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S2 JavaIFX;JavaIFX;C:\WINDOWS\java\JavaIFX\services.exe
    S2 Microsoft Security Center;Microsoft Security Center;C:\WINDOWS\system32\IIS\svchost.exe
    S2 QuickSettings;QuickSettings;C:\WINDOWS\System32\inetsrv\temp\services.exe
    S2 WindowsUpdate;FireDaemon Service: WindowsUpdate;c:\Windows\system32\Dap\\mssvchost.exe -s
    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys
    S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
    S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
    S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
    S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
    S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
    S3 nm;Verkonvalvonnan ohjain;C:\WINDOWS\system32\DRIVERS\NMnt.sys
    S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
    S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
    S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    AutoRun\command- K:\setup.exe


    Contents of the 'Scheduled Tasks' folder
    2007-08-07 09:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-10 21:51:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x2022\xd3w\2]
    "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\Registered"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00000150

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-10 21:55:07 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-10 21:54
    C:\ComboFix2.txt ... 2007-08-10 17:33

    --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:57:21, on 10.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\TopDesk\topdesk.exe
    D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMonTaskbar.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - D:\WINDOW~1\PCINTO~1\WEBBLI~1\webblinds.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\ctnotify.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [UltraMon] "D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Aureon 5.1 Fun Mixer] C:\WINDOWS\system32\Aureon 5.1 Fun Mixer.exe /minimize
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: cnxUnins.bat
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: JavaIFX - Unknown owner - C:\WINDOWS\java\JavaIFX\services.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: Microsoft Security Center - Unknown owner - C:\WINDOWS\system32\IIS\svchost.exe (file missing)
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: QuickSettings - Unknown owner - C:\WINDOWS\System32\inetsrv\temp\services.exe (file missing)
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe (file missing)

    --
    End of file - 10619 bytes
     
  7. Auttaja

    Auttaja Guest

    Well... it does matter a bit :) We'll send those samples to the developers at the end then.. it helps future victims.. :)

    ========

    To the point:

    Did you remove Messenger Plus through the Control Panel?

    ========

    Open Notepad and copy/paste the text in the quote box below into it:

    Save it as CFScript (check that it is written exactly like that)

    Then drag CFScript onto ComboFix.exe as shown below.

    [IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.


    ==========

    Copy the following lines into e.g. Notepad

    Save it as FIX.BAT on the desktop, with the file type set to All Files

    Double-click FIX.BAT

    =======

    Open HijackThis, check the following line(s) and press Fix checked; close other programs while you do this.

    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)


    Here is a guide on how to check the entries:
    [IMG]

    =======

    Then post a new HijackThis log
     
    Last edited by a moderator: 11.08.2007
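The "Fix checked" step in the post above targets entries whose file no longer exists ("(file missing)", "(no file)"). As an added example (not part of the original posts or of HijackThis itself), the Python script below parses HijackThis section lines and lists those orphaned entries; it goes one step beyond the post by also flagging core Windows process names registered from a non-standard directory. The sample lines are copied from the log in this thread; the function names and the expected-directory table (which assumes Windows is installed in C:\WINDOWS) are this example's own.

```python
import ntpath
import re

# Core Windows XP process images and the only directory they should load from.
# Assumption for this example: Windows is installed in C:\WINDOWS.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Section lines look like "O23 - Service: ..." or "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.*\S)\s*$")
# First drive-letter path in the entry that ends in an executable extension.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|bat)(?![A-Za-z0-9])', re.IGNORECASE
)
# Markers HijackThis appends when the referenced file is gone.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Microsoft Security Center - Unknown owner - C:\WINDOWS\system32\IIS\svchost.exe (file missing)
O23 - Service: QuickSettings - Unknown owner - C:\WINDOWS\System32\inetsrv\temp\services.exe (file missing)
"""


def parse_entries(log_text):
    """Return one dict per HijackThis section line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m is None:
            continue  # header, running-process list, blank line
        body = m.group("body")
        pm = PATH_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            # normpath collapses doubled backslashes such as "Dap\\mssvchost.exe"
            "path": ntpath.normpath(pm.group(0)) if pm else None,
            "orphaned": ORPHAN_RE.search(body) is not None,
        })
    return entries


def triage(log_text):
    """Return the entries that deserve a second look, with the reasons why."""
    findings = []
    for entry in parse_entries(log_text):
        reasons = []
        if entry["orphaned"]:
            # Registry reference to a file that no longer exists.
            reasons.append("orphaned")
        if entry["path"]:
            name = ntpath.basename(entry["path"]).lower()
            folder = ntpath.dirname(entry["path"]).lower()
            expected = EXPECTED_DIR.get(name)
            if expected is not None and folder != expected:
                # A system process name outside its standard directory.
                reasons.append("misplaced-system-name")
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["code"], ",".join(finding["reasons"]), "|", finding["body"])
```

An "orphaned" hit is only a leftover reference; a "misplaced-system-name" hit on a file that still exists is the one to have scanned before anything is fixed or deleted.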
  8. many68

    many68 Regular member

    Joined:
    12.12.2004
    Posts:
    382
    Thanks:
    1
    Points:
    28
    Right, I didn't remove that Messenger Plus from the Control Panel...

    ComboFix 07-08-09.3 - "Koti" 2007-08-10 22:26:56.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.483 [GMT 3:00]
    Command switches used :: D:\Documents and Settings\Koti\Ty”p”yt„\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\system32\kernel1.exe
    C:\scan2.exe
    C:\toto.exe
    C:\Ecidma.exe
    C:\ash.exe
    C:\run.bat
    C:\ifx.exe


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\ash.exe
    C:\Ecidma.exe
    C:\ifx.exe
    C:\Program Files\Messenger Plus! Live\Detoured.dll
    C:\Program Files\Messenger Plus! Live\Events Style Sheet.xsl
    C:\Program Files\Messenger Plus! Live\lame_enc.dll
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Arabic.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Catalan.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseSimplified.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseTraditional.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Danish.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Default.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Dutch.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Estonian.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Finnish.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_French.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_German.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Hebrew.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Hungarian.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Italian.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Japanese.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Korean.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Norwegian.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Portuguese.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Spanish.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Swedish.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Thai.ini
    C:\Program Files\Messenger Plus! Live\Languages\Lng_Turkish.ini
    C:\Program Files\Messenger Plus! Live\libsndfile.dll
    C:\Program Files\Messenger Plus! Live\Log Viewer.exe
    C:\Program Files\Messenger Plus! Live\MPScripts.dll
    C:\Program Files\Messenger Plus! Live\MPTools.exe
    C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
    C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll
    C:\Program Files\Messenger Plus! Live\Scripts\Insult\Images\background.png
    C:\Program Files\Messenger Plus! Live\Scripts\Insult\Images\Thumbs.db
    C:\Program Files\Messenger Plus! Live\Scripts\Insult\Insult.js
    C:\Program Files\Messenger Plus! Live\Scripts\Insult\Insults.dat
    C:\Program Files\Messenger Plus! Live\Scripts\Insult\Interface.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Insult\Responses.dat
    C:\Program Files\Messenger Plus! Live\Scripts\Insult\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\_translationClass.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\_util.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\api.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\autoupdate.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\coverArt.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\dlls\wmp9.dll
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\hotkeys.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\About.png
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Commands.png
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Dp.png
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Lyrics.png
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Main.png
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Misc.png
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Misc2.png
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\NoCover.png
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Psm.png
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Remote.png
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Images\Tags.png
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\interface.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Languages\English.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Languages\Espanol.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Languages\Leet.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\Languages\Nederlands.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\lyric_parsers\azlyrics.lyrics.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\lyric_parsers\Leos.lyrics.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\lyric_parsers\Metro.lyrics.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\lyrics.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\main.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\NPConfig.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\players\ExamplePlayer.base.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\players\iTunes.player.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\players\jetAudio.player.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\players\MediaMonkey.player.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\players\Winamp.player.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\players\WMP.player.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\prefstore.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\sendKeys.js
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\updateInterface.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Now Playing\window.js
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\+Mapper.js
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\defaultmap.htm
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\editfunctions.javascript
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\General Functions.js
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\Images\delete.png
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\Images\loadingAnimation.gif
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\Images\maps.png
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\jquery.javascript
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\livedefault.htm
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\liveeditfunctions.javascript
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\maps.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\Menu.js
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\thickbox.css
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\thickbox.javascript
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\Windows.js
    C:\Program Files\Messenger Plus! Live\Scripts\Plus Mapper\windows.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Plus!Mail\Core.js
    C:\Program Files\Messenger Plus! Live\Scripts\Plus!Mail\Email.Sender.js
    C:\Program Files\Messenger Plus! Live\Scripts\Plus!Mail\Email_Sender.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Plus!Mail\mimetypes.txt
    C:\Program Files\Messenger Plus! Live\Scripts\Plus!Mail\PlusMail.dll
    C:\Program Files\Messenger Plus! Live\Scripts\Plus!Mail\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Plus!Mail\util_file.js
    C:\Program Files\Messenger Plus! Live\Scripts\Plus!Mail\util_form.multipart.js
    C:\Program Files\Messenger Plus! Live\Scripts\Plus!Mail\util_misc.js
    C:\Program Files\Messenger Plus! Live\Scripts\Plus!Mail\util_MsgPlus.js
    C:\Program Files\Messenger Plus! Live\Scripts\Plus!Mail\util_string.js
    C:\Program Files\Messenger Plus! Live\Scripts\Plus!Mail\util_window.js
    C:\Program Files\Messenger Plus! Live\Scripts\Random Fact Generator\chuck.txt
    C:\Program Files\Messenger Plus! Live\Scripts\Random Fact Generator\mrt.txt
    C:\Program Files\Messenger Plus! Live\Scripts\Random Fact Generator\Random Fact Generator.js
    C:\Program Files\Messenger Plus! Live\Scripts\Random Fact Generator\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Random Fact Generator\vin.txt
    C:\Program Files\Messenger Plus! Live\Scripts\ReadThis\Commands.js
    C:\Program Files\Messenger Plus! Live\Scripts\ReadThis\Interface.js
    C:\Program Files\Messenger Plus! Live\Scripts\ReadThis\Interface.xml
    C:\Program Files\Messenger Plus! Live\Scripts\ReadThis\ReadThis.js
    C:\Program Files\Messenger Plus! Live\Scripts\ReadThis\reg.js
    C:\Program Files\Messenger Plus! Live\Scripts\ReadThis\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\_translationClass.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\_window.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\48pxAdditionalImage.png
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\bmp.png
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\countdown.png
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\jpg.png
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\logo.png
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\no_image.png
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\overlay.png
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\pnggif.png
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\preferences.png
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\server.png
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Images\vista_folder.png
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndAbout.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndAdvanced.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndAllContacts.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndCountdown.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndCountdownDisplay.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndFTPUpload.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndGeneral.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndHotkeys.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndLanguage.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndMultiChat.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndPref.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndPreview.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndRecentImages.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndScreenshotViewer.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndSelect.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndSubclass.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Interface\WndUpdate.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\Languages\English.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.functions.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.gdip_functions.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.gdip_variables.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.hotkey_functions.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.menu.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.preferences.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.registry.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.script.commands.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.timer.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.update.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\ss4.variables.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndAbout.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndAdvanced.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndAllContacts.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndCountdown.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndCountdownDisplay.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndFTPUpload.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndGeneral.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndLanguage.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndMultiChat.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndPref.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndPreview.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndRecentImages.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndScreenshotViewer.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\Screenshot Sender 4\WndSelect.handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\SendTo\_registry.js
    C:\Program Files\Messenger Plus! Live\Scripts\SendTo\_sendfile.exe
    C:\Program Files\Messenger Plus! Live\Scripts\SendTo\_sendTo.js
    C:\Program Files\Messenger Plus! Live\Scripts\SendTo\FileListener.xml
    C:\Program Files\Messenger Plus! Live\Scripts\SendTo\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\_Stickynotes.js
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Data\Colors.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Data\Registry.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Data\Stickynotes.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\functions.misc.js
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\functions.string.js
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\handler.chatnotesender.js
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\handler.menucommands.js
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\handler.registryreader.js
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\handler.stickynote.js
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\handler.stickynotes.js
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\handler.xmlcarrier.js
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Accept_disabled.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Accept_off.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Accept_on.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Appearance_disabled.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Appearance_off.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Appearance_on.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Cancel_disabled.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Cancel_off.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Cancel_on.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Check_off.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Check_on.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Collapse_disabled.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Collapse_off.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Collapse_on.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Edit_disabled.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Edit_off.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Edit_on.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Expand_off.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Expand_on.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\header-about.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Lock_disabled.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Lock_off.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Lock_on.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\logo-small.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Thumbs.db
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Unlock_off.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Images\Unlock_on.png
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Interfaces\About.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Interfaces\Listener.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Interfaces\Options.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Interfaces\SendNotes.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Interfaces\Update.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Themes\Flair.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Themes\Simple.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\Themes\Square.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\window.preferences.js
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\window.stickynote.js
    C:\Program Files\Messenger Plus! Live\Scripts\Stickynotes\window.updates.js
    C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\AI.txt
    C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\AIdocs.txt
    C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\boom.mp3
    C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\config.ini
    C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\UNeed.js
    C:\Program Files\Messenger Plus! Live\Scripts\UNeed Script\wot.xml
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\_wlm.preview.box.js
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\916796151\PreviewBox.xml
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\handler.menu.js
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\handler.regestry.js
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\handler.window.pref.js
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\handler.window.preview.js
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\handler.window.preview.settings.js
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\btn_close.png
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\btn_close_hot.png
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\btn_close_pushed.png
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\btn_send.png
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\btn_send_hot.png
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\btn_send_pushed.png
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\colorwheel.png
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\general.png
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\not needed.rar
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Images\Thumbs.db
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\About.xml
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\not needed.rar
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\PreviewBox.xml
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\UI.Colours.xml
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\UI.General.xml
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\UI.Help.xml
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\Interfaces\UI.xml
    C:\Program Files\Messenger Plus! Live\Scripts\WLM Preview Box\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Your Mom!\images\img.png
    C:\Program Files\Messenger Plus! Live\Scripts\Your Mom!\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Your Mom!\WndAbout.xml
    C:\Program Files\Messenger Plus! Live\Scripts\Your Mom!\Your Mom.js
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Launcher\images\Thumbs.db
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Launcher\images\vd-logo.png
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Launcher\images\youtubelogo.png
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Launcher\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Launcher\window.xml
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Launcher\Youtube.js
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Viewer\Images\Thumbs.db
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Viewer\Images\youtube.png
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Viewer\Message Handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Viewer\ScriptInfo.xml
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Viewer\Startup Handler.js
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Viewer\Variables and Menus.js
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Viewer\Viewer.html
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Viewer\YouTube Viewer.js
    C:\Program Files\Messenger Plus! Live\Scripts\YouTube Viewer\youtubewindow.xml
    C:\Program Files\Messenger Plus! Live\Uninstall.exe
    C:\run.bat
    C:\scan2.exe
    C:\toto.exe
    C:\WINDOWS\system32\kernel1.exe


    ((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


    2007-08-10 17:22 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-10 17:05 1,327 --a------ D:\DOCUME~1\Koti\clean.reg
    2007-08-10 16:23 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-08-10 16:12 2,534 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-10 15:59 396,288 --a------ C:\Koti.exe
    2007-08-10 15:25 396,288 --a------ C:\HijackThis.exe
    2007-08-01 17:38 <KANSIO> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
    2007-07-30 20:12 <KANSIO> d-------- D:\DOCUME~1\Koti\APPLIC~1\InterTrust
    2007-07-30 20:12 <KANSIO> d-------- C:\WINDOWS\Profiles
    2007-07-30 20:11 <KANSIO> d-------- C:\WINDOWS\_ISTMP1.DIR
    2007-07-20 02:00 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2
    2007-07-20 01:58 <KANSIO> d-------- C:\WINDOWS\system32\LogFiles
    2007-07-20 01:58 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-07-18 18:36 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL
    2007-07-18 18:36 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
    2007-07-18 18:36 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
    2007-07-18 18:36 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe
    2007-07-18 18:36 <KANSIO> d-------- C:\Program Files\Ubi Soft
    2007-07-15 22:37 <KANSIO> d-------- C:\WINDOWS\system32\FlashAX
    2007-07-13 12:49 491,520 --a------ C:\WINDOWS\Au51Fun.exe
    2007-07-13 12:47 <KANSIO> d-------- C:\WINDOWS\system32\VIRepair
    2007-07-13 12:24 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
    2007-07-13 12:24 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
    2007-07-13 12:24 379,726 -ra------ C:\WINDOWS\system32\drivers\cmaudio.sys
    2007-07-13 12:24 32,768 -ra------ C:\WINDOWS\system32\cmnprop.dll
    2007-07-12 04:11 <KANSIO> d--h----- C:\WINDOWS\system32\channels
    2007-07-11 21:01 <KANSIO> d-------- D:\DOCUME~1\aston\APPLIC~1\Creative


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-12-09 00:32 87040 --a------ C:\WINDOWS\system32\ra32sipr.dll
    2007-12-09 00:32 85504 --a------ C:\WINDOWS\system32\encdnet.dll
    2007-12-09 00:32 81920 --a------ C:\WINDOWS\system32\ra3214_4.dll
    2007-12-09 00:32 72704 --a------ C:\WINDOWS\system32\ra3228_8.dll
    2007-12-09 00:32 61952 --a------ C:\WINDOWS\system32\decdnet.dll
    2007-12-09 00:32 487936 --a------ C:\WINDOWS\system32\rmbe3260.dll
    2007-12-09 00:32 487424 --a------ C:\WINDOWS\system32\msvcp70.dll
    2007-12-09 00:32 352768 --a------ C:\WINDOWS\system32\pngu3263.dll
    2007-12-09 00:32 344064 --a------ C:\WINDOWS\system32\msvcr70.dll
    2007-12-09 00:32 21504 --a------ C:\WINDOWS\system32\ra32dnet.dll
    2007-12-09 00:32 131072 --a------ C:\WINDOWS\system32\pneng50.dll
    2007-12-09 00:32 130560 --a------ C:\WINDOWS\system32\pnc3250.dll
    2007-08-10 00:12 --------- d-------- D:\DOCUME~1\Koti\APPLIC~1\LimeWire
    2007-08-03 18:15 83516 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-08-03 18:15 393762 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-08-03 13:34 --------- d-------- C:\Program Files\Common Files\HP
    2007-08-01 17:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-21 18:06 --------- d-------- C:\Program Files\VstPlugins
    2007-07-20 02:09 --------- d-------- C:\Program Files\DivX
    2007-07-16 16:23 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2007-07-13 12:47 --------- d-------- C:\Program Files\MSN Messenger
    2007-07-09 22:07 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-07-09 22:07 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-09 22:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-09 22:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-07-09 22:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-07-09 22:05 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-07-09 22:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-07-09 22:05 740442 --a------ C:\WINDOWS\system32\DivX.dll
    2007-07-09 22:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-07-09 22:05 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2007-07-09 22:05 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2007-07-09 22:05 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2007-07-09 22:05 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2007-07-09 22:05 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2007-07-09 22:05 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2007-07-09 22:05 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-07-09 22:05 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-07-09 22:05 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-05 14:27 --------- d-------- C:\Program Files\TopDesk
    2007-07-05 03:22 --------- d-------- C:\Program Files\Movie Maker
    2007-07-05 03:19 6112 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2007-07-05 03:19 56300 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2007-07-05 02:38 --------- d-------- D:\DOCUME~1\Koti\APPLIC~1\ViStart
    2007-06-30 12:28 --------- d-------- C:\Program Files\Winamp
    2007-06-25 15:50 --------- d-------- D:\DOCUME~1\Koti\APPLIC~1\Vso
    2007-06-17 11:55 --------- d-------- C:\Program Files\Windows Live
    2007-06-14 20:56 1440967 --a------ C:\quick.exe
    2007-06-13 22:42 36108 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2007-06-13 22:42 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2007-06-13 22:29 --------- d-------- C:\Program Files\Common Files\DigiDesign
    2007-06-06 00:09 4276 --a------ C:\WINDOWS\mozver.dat
    2007-06-02 01:25 87608 --a------ D:\DOCUME~1\Koti\APPLIC~1\inst.exe
    2007-06-02 01:25 47360 --a------ D:\DOCUME~1\Koti\APPLIC~1\pcouffin.sys
    2007-05-19 23:52 532480 --a------ C:\WINDOWS\system32\Minutes until Midnight-Linkin Park.scr
    2007-05-16 18:14 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:14 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:14 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:14 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:14 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-12 23:04 7853568 --a------ C:\WINDOWS\system32\logonuiX.exe
    2007-05-12 15:31 55 --ah----- C:\WINDOWS\sysreg.dat
    2005-07-14 19:31:20 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "1A:Stardock TrayMonitor"="C:\Program Files\Common Files\stardock\TrayServer.exe" [2003-02-14 04:57]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-21 11:25]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26]
    "Disc Detector"="C:\Program Files\Creative\ShareDLL\ctnotify.exe" []
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 C:\WINDOWS\soundman.exe]
    "UltraMon"="D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe" [2006-10-12 22:27]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 04:59]
    "TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-03-01 20:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 21:31]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 14:00]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 01:05]
    "LClock"="C:\Program Files\LClock\LClock.exe" []
    "Aureon 5.1 Fun Mixer"="C:\WINDOWS\system32\Aureon 5.1 Fun Mixer.exe" []

    D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50]
    cnxUnins.bat [2007-05-13 17:08:36]
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 01:05:02]
    Stardock ObjectDock.lnk - D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe [2007-01-13 21:33:23]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    D:\WINDOW~2\wbsrv.dll 2005-12-06 22:16 176128 D:\WINDOW~2\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone Fast Start.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Last.fm Helper.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Last.fm Helper.lnk
    backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Run Google Web Accelerator.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Run Google Web Accelerator.lnk
    backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^Thoosje Sidebar .lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\Thoosje Sidebar .lnk
    backup=C:\WINDOWS\pss\Thoosje Sidebar .lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^TransBar.lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\TransBar.lnk
    backup=C:\WINDOWS\pss\TransBar.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^Vista Search.lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\Vista Search.lnk
    backup=C:\WINDOWS\pss\Vista Search.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^Y'z Shadow.lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\Y'z Shadow.lnk
    backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    c:\apps\ABoard\ABoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    D:\Program Files\Detector\CTDetect.exe /R

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
    D:\Windows skinit\PC Into Mac ohjelmat\cursor\CursorXP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "F:\Mika\Ohjelmat jne\DAemon\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
    "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
    C:\WINDOWS\system32\ElkCtrl.exe /automation

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
    "D:\Windows skinit\PC Into Mac ohjelmat\LogonStudio\logonstudio.exe" /RANDOM

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orbit]
    D:\Windows skinit\Orbit\Orbit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "c:\Apps\Powercinema\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    D:\ISOPower\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
    C:\Program Files\ViOrb\ViOrb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
    C:\Program Files\Vista Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
    C:\Program Files\ViStart\ViStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
    C:\Program Files\VisualTooltip\VisualToolTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowFX]
    D:\WINDOW~1\PCINTO~1\WindowFX\\wfxload.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UleadBurningHelper"=2 (0x2)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=3 (0x3)
    "navapsvc"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "SAVScan"=3 (0x3)
    "rpcapd"=3 (0x3)
    "ISSVC"=2 (0x2)

    R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
    R2 Nsynas32;Nsynas32;C:\WINDOWS\system32\drivers\Nsynas32.sys
    R2 ScFBPNT2;CanoScan FBP2 Port Driver;\??\C:\WINDOWS\system32\drivers\ScFBPNT2.SYS
    R2 UltraMonUtility;UltraMon Utility Driver;\??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
    R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
    R3 QCMerced;Logitech QuickCam Communicate;C:\WINDOWS\system32\DRIVERS\LVCM.sys
    R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S2 JavaIFX;JavaIFX;C:\WINDOWS\java\JavaIFX\services.exe
    S2 Microsoft Security Center;Microsoft Security Center;C:\WINDOWS\system32\IIS\svchost.exe
    S2 QuickSettings;QuickSettings;C:\WINDOWS\System32\inetsrv\temp\services.exe
    S2 WindowsUpdate;FireDaemon Service: WindowsUpdate;c:\Windows\system32\Dap\\mssvchost.exe -s
    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys
    S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
    S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
    S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
    S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
    S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
    S3 nm;Verkonvalvonnan ohjain;C:\WINDOWS\system32\DRIVERS\NMnt.sys
    S3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
    S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
    S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    AutoRun\command- K:\setup.exe


    Contents of the 'Scheduled Tasks' folder
    2007-08-07 09:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-10 22:33:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x2022\xd3w\2]
    "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\Registered"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:0000013f

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-10 22:36:08 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-10 22:35
    C:\ComboFix2.txt ... 2007-08-10 21:55
    C:\ComboFix3.txt ... 2007-08-10 17:33

    --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:42:07, on 10.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\TopDesk\topdesk.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMonTaskbar.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\system32\LVComsX.exe
    D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    C:\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - D:\WINDOW~1\PCINTO~1\WEBBLI~1\webblinds.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\ctnotify.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [UltraMon] "D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Aureon 5.1 Fun Mixer] C:\WINDOWS\system32\Aureon 5.1 Fun Mixer.exe /minimize
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: cnxUnins.bat
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe (file missing)

    --
    End of file - 9875 bytes
     
  9. Auttaja

    Auttaja Guest

    If you are using only Windows' own firewall, it is not sufficient protection. Download one firewall from, say, these three onto your machine and install it. Then also disable the Windows firewall. These 3 are fairly popular free firewalls:

    Comodo
    Kerio
    Zonealarm

    ========

    Open HijackThis, check the following line(s) and press Fix checked; close other programs in the meantime.

    O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe (file missing)

    Here is a guide on how to check the lines:
    [IMG]


    Copy the following lines into e.g. Notepad

    Save it on the desktop under the name FIX.BAT, with the file type set to All files

    Double-click FIX.BAT with the mouse

    ==========

    Check your machine with F-Secure's online scanner

    Note: the scanner works only in the Internet Explorer browser

    * Read the instructions on the page through carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure that Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it on the desktop
    * You can close the scanner
    * Post the report to your thread

    ==========


    An excellent guide to speeding up a computer

    http://neko.1g.fi/ohje/hidastelua.html

    ==========

    If you do not have this Java version (6.2): an old Java easily gets your machine infected!

    Updating Java and clearing the cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]
    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the machine after the installation:

    http://java.sun.com/javase/downloads/index.jsp
    or http://www.filehippo.com/download_java_runtime/

    Scroll down to Java Runtime Environment (JRE) 6u2

    Press Download

    Tick Accept, take the offline installation, save it to e.g. the desktop and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice the machine being slow after lowering the setting, move the slider to a larger value.)

    8. Make sure that both options are ticked:

    *Applications and Applets

    *Trace and Log Files



    And press the OK button

    9. Click OK in your "Temporary Files Settings" window.

    10. Click OK to leave your Java settings window.

    ==========

    A new HijackThis log and the F-Secure report
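
The service entries in the logs above can also be triaged mechanically. The following Python script is an added example, not part of the original thread or of ComboFix or HijackThis: it parses ComboFix driver/service lines and HijackThis `O23 - Service:` lines and lists entries whose file is missing, whose file carries a core Windows process name outside its usual directory, or whose name imitates one. The sample lines are copied from the logs in this thread; the expected-directory table and the imitation heuristic are assumptions of the example.

```python
import ntpath
import re

# Assumption of this example: usual home directory of core Windows XP binaries.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# ComboFix driver/service line: "<R|S><digit> <name>;<display name>;<command line>"
COMBOFIX = re.compile(r"^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<cmd>.+)$")
# HijackThis service line: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_PREFIX = "O23 - Service: "
# Executable image at the start of a command line; arguments may follow.
IMAGE = re.compile(r"^(.+?\.(?:exe|sys|dll))(?=\s|$)", re.IGNORECASE)

# Lines copied from the logs posted in this thread.
SAMPLE = r"""
S2 JavaIFX;JavaIFX;C:\WINDOWS\java\JavaIFX\services.exe
S2 Microsoft Security Center;Microsoft Security Center;C:\WINDOWS\system32\IIS\svchost.exe
S2 WindowsUpdate;FireDaemon Service: WindowsUpdate;c:\Windows\system32\Dap\\mssvchost.exe -s
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
"""


def parse_line(line):
    """Return (service, owner, image_path, file_missing), or None for other lines."""
    line = line.strip()
    if line.startswith(O23_PREFIX):
        # Split from the right: the service name itself may contain ": " or " - ".
        parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        name, owner, cmd = parts
    else:
        m = COMBOFIX.match(line)
        if not m:
            return None
        name, owner, cmd = m.group("name"), None, m.group("cmd")
    missing = cmd.endswith("(file missing)")
    cmd = cmd.replace("(file missing)", "").strip()
    if cmd.startswith("\\??\\"):  # NT object-manager prefix seen on driver paths
        cmd = cmd[4:]
    m = IMAGE.match(cmd)
    # normpath also collapses the doubled backslash seen in the Dap path.
    path = ntpath.normpath(m.group(1) if m else cmd)
    return name, owner, path, missing


def lookalike_of(filename):
    """Heuristic: a core process name embedded in, or an anagram of, the file name."""
    stem = filename.rsplit(".", 1)[0]
    for real in EXPECTED_DIR:
        real_stem = real.rsplit(".", 1)[0]
        if filename != real and (real_stem in stem or sorted(real_stem) == sorted(stem)):
            return real
    return None


def triage(log_text):
    """Map lower-cased image path -> sorted list of reasons it deserves a closer look."""
    findings = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _name, _owner, path, missing = parsed
        filename = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        reasons = set()
        if filename in EXPECTED_DIR and folder != EXPECTED_DIR[filename]:
            reasons.add("system process name outside " + EXPECTED_DIR[filename])
        imitated = lookalike_of(filename)
        if imitated:
            reasons.add("name imitates " + imitated)
        if missing:
            reasons.add("service registered but its file is missing")
        if reasons:
            findings.setdefault(path.lower(), set()).update(reasons)
    return {path: sorted(r) for path, r in findings.items()}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

A finding is a prompt to inspect the file, not a verdict: the leftover Sony SQL service is listed only because its file is missing.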
     
  10. many68

    many68 Regular member

    Well, now something is wrong. I can no longer get onto the net at all on my son's machine. I downloaded IE7 again because it would not open on my son's machine (Mozilla Firefox has been in use), and so now Mozilla no longer opens / is not on the machine either...
     
  11. Auttaja

    Auttaja Guest

    Ok... so the machine has had several really nasty rootkit/backdoor/passwordstealer infections...

    C:\WINDOWS\system32\kernel1.exe

    C:\Qoobox\Quarantine\C:\WINDOWS\system32\kernel1.exe.vir

    Rename it to kernel1.exe (i.e. remove that .vir extension)

    and move it back to the C:\WINDOWS\system32\ folder

    Make hidden files visible and, after the move, hide them again

    Restart the machine, and did it help? (it is at least worth trying)
     
  12. many68

    many68 Regular member

    The renaming, the move and the restart have now been done, but IE does not work. I got Mozilla working last night when I found the file on the machine...
     
  13. many68

    many68 Regular member

    I tried logging in as another user, and with that one IE works. Does it help at all if I run the F-Secure online scanner that way?
     
  14. Auttaja

    Auttaja Guest

    Yep... That works just as well.. :)

    You can also try this instead if it does not work

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    * Double-click drweb-cureit.exe and let it run the express scan
    * It scans the running programs, and if something is found, click yes when it asks whether you want to remove it. This is only a short scan.
    * When the scan is finished, mark the drives you want to scan.
    * Select all drives. A red dot shows which drives are selected.
    * Click the green arrow on the right and the scan starts.
    * Click 'Yes to all' if you are asked whether you want to remove/move a file.
    * When the scan is finished, see whether you can click the next icon beside the files found: [IMG]
    * If so, click it and then click the next icon at the bottom right and select Move incurable as in the picture below:
    [IMG]
    This moves it to the %userprofile%\DoctorWeb\quarantine directory.
    * After this, click file in the Dr.Web CureIt menu and select save report list
    * Save the report to the desktop. The report's name is DrWeb.csv
    * Close Dr.Web CureIt.
    * Restart the machine!! This is because files that are in use are removed/moved during startup.
    * After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.


    =======

    so the report and a new HijackThis log in the next reply :)
     
  15. many68

    many68 Regular member

    What kind of difference does it make when you are logged in as a different user; that is, can e.g. those virus scanners still read the files of the whole machine, and likewise those repair things, do they work on the whole machine regardless of who is logged in? Or can some infected parts remain in different users? By the way, I only now downloaded that Comodo firewall...
    Here are the new reports: (the F-Secure scanner had found many viruses again :-()
    Scanning Report
    Saturday, August 11, 2007 12:49:30 - 17:24:16

    Computer name: 100518260306
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\ F:\
    Result: 19 malware found
    BAT/Zapchast.K (virus)

    * C:\WINDOWS\Drivers\Microsoft\telnet.bat (Submitted)

    BAT/Zapchast.T@dr (virus)

    * C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP674\A0085013.bat (Renamed & Submitted)
    * C:\Kit\setup.bat (Renamed & Submitted)

    Backdoor.IRC.Flood (virus)

    * C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP675\A0085198.exe (Renamed & Submitted)
    * C:\Kit\mirc.ini (Renamed & Submitted)
    * D:\Documents and Settings\aston\Local Settings\Temporary Internet Files\Content.IE5\4D498FSD\Ecidma[1].exe (Renamed & Submitted)

    Backdoor.Win32.mIRC-based (virus)

    * C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP675\A0085197.exe (Renamed & Submitted)
    * C:\Kit\scvhost.exe (Renamed & Submitted)
    * D:\Documents and Settings\aston\Local Settings\Temporary Internet Files\Content.IE5\2FAVSB8L\toto[1].exe (Renamed & Submitted)

    Hupigon.gen83 (virus)

    * C:\WINDOWS\Drivers\Microsoft\microsoft.exe (Submitted)
    * C:\WINDOWS\Drivers\Microsoft\proc.exe (Submitted)
    * C:\WINDOWS\Drivers\Microsoft\service32.exe (Submitted)

    Hupigon.gen83.dropper (virus)

    * C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP675\A0085199.exe (Submitted)
    * D:\Documents and Settings\aston\Local Settings\Temporary Internet Files\Content.IE5\2JUHOTU1\ash[1].exe (Submitted)

    Net-Worm.Win32.Randon.m (virus)

    * C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP675\A0085196.exe (Renamed & Submitted)
    * D:\Documents and Settings\aston\Local Settings\Temporary Internet Files\Content.IE5\2JUHOTU1\scan2[1].exe (Renamed & Submitted)

    Suspicious_Y.gen (virus)

    * D:\DVD Ripper\keygen.exe (Submitted)

    Tracking Cookie (spyware)

    * System (Disinfected)
    * System

    Statistics
    Scanned:

    * Files: 241827
    * System: 5225
    * Not scanned: 34

    Actions:

    * Disinfected: 1
    * Renamed: 10
    * Deleted: 0
    * None: 8
    * Submitted: 17

    Files not scanned:

    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{328536D0-62DC-4E49-BB38-23FC81BCC862}.BIN
    * C:\WINDOWS\$NTUNINSTALLKB925398_WMP64$\DXMASF.DLL
    * C:\WINDOWS\$NTUNINSTALLKB925398_WMP64$\STRMDLL.DLL
    * C:\WINDOWS\$NTUNINSTALLKB925398_WMP64$\SPUNINST\SPUNINST.EXE
    * C:\WINDOWS\$NTUNINSTALLKB925398_WMP64$\SPUNINST\UPDSPAPI.DLL
    * C:\Program Files\Common Files\Adobe\Installers\Adobe Photoshop CS3 10.0.log.gz\Adobe Photoshop CS3 10.0.log
    * C:\DRIVERS\MCDBF\SOURCE1\OTHER.EXE\BIOSLOCK.PIF
    * {B7045574-97D6-4B3A-9B64-46CCE1184CAC}.dxstat
    * {27400453-CEC1-4300-A600-E701AD2437E1}.dxstat
    * {D54B33E9-C851-45E4-BAF8-E4B1240284DA}.dxstat
    * {B7045574-97D6-4B3A-9B64-46CCE1184CAC}.dxstat
    * {27400453-CEC1-4300-A600-E701AD2437E1}.dxstat
    * {D54B33E9-C851-45E4-BAF8-E4B1240284DA}.dxstat
    * D:\RECYCLER\S-1-5-21-2688827086-591396934-1338908414-1006\DD1.EXE
    * Linkin Park - In The End.mp3
    * Linkin Park - By Myself.mp3
    * Linkin Park - Crwaling.mp3
    * Linkin Park - Cure Of The Itch.mp3
    * Linkin Park - Forgotten.mp3
    * Linkin Park - A Place For My Head.mp3
    * Linkin Park - One Step Closer.mp3
    * Linkin Park - Papercut.mp3
    * Linkin Park - Points Of Authority.mp3
    * Linkin Park - Pushing Me Away.mp3
    * Linkin Park - Runaway.mp3
    * Linkin Park - With You.mp3
    * D:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\KOTI\LOCALS~1\TEMP\1206BISPO.PPT
    * D:\BitLord\Downloads\Linkin Park - What I've Done\Linkin Park - What I've Done.rar\Linkin Park - What I've Done.mp3
    * D:\BitLord\Downloads\CKY - An Answer Can Be Found\CKY - An Answer Can Be Found.rar\000-cky-an_answer_can_be_found-(retail)-2005.m3u
    * F:\Mika\Torrents\Spectrasonics - Trilogy.rar\Spectrasonics - Trilogy CD 5 of 5.ISO
    * F:\Mika\Torrents\Korn.Live.at.Rock.am.Ring.2007.WS.SATRip.XviD-iNSPiRED.(www.moviez.to).rar\!!!Kostenlos.Testen.FULLSPEED.mit.bis.zu.35MBiT.DOWNLOADEN.anonym.und.LEGAL.URL.URL

    Options
    Scanning engines:

    * F-Secure Libra: 2.4.2, 2007-08-10
    * F-Secure AVP: 7.0.171, 2007-08-10
    * F-Secure Orion: 1.2.37, 2007-08-10
    * F-Secure Blacklight: 1.0.64
    * F-Secure Draco: 1.0.35, 0260-23-12
    * F-Secure Pegasus: 1.19.0, 2007-07-05

    Scanning options:

    * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
    * Scan inside archives
    * Use Advanced heuristics




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:31:51, on 11.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    D:\Comodo\Firewall\cmdagent.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\TopDesk\topdesk.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\LVComsX.exe
    D:\Comodo\Firewall\CPF.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMonTaskbar.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - D:\WINDOW~1\PCINTO~1\WEBBLI~1\webblinds.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\ctnotify.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [UltraMon] "D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Aureon 5.1 Fun Mixer] C:\WINDOWS\system32\Aureon 5.1 Fun Mixer.exe /minimize
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: cnxUnins.bat
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Stardock ObjectDock.lnk = D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Comodo\Firewall\cmdagent.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    --
    End of file - 10586 bytes
     
  16. many68

    many68 Regular member

    Here is the latest HJT log once more, since I had to do some tweaking with the desktop settings and such, because Mozilla also got removed by accident again and had to be downloaded again under another user account...
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:16:47, on 11.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    D:\Comodo\Firewall\cmdagent.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    D:\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMonTaskbar.exe
    D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - D:\WINDOW~1\PCINTO~1\WEBBLI~1\webblinds.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\ctnotify.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [UltraMon] "D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Aureon 5.1 Fun Mixer] C:\WINDOWS\system32\Aureon 5.1 Fun Mixer.exe /minimize
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-21-2688827086-591396934-1338908414-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'aston')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: cnxUnins.bat
    O4 - Startup: Stardock ObjectDock.lnk = D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Comodo\Firewall\cmdagent.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    --
    End of file - 10343 bytes
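
Comparing two successive HijackThis logs, such as the 10.8.2007 and 11.8.2007 logs above, shows which entries disappeared after cleanup and which are new. The Python sketch below is an added example, not part of the original thread: the log excerpts are copied from those two logs, while the function names and the choice of sections treated as autostart points are this example's own assumptions.

```python
import re

# Entry lines start with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Sections that make something start automatically (assumption of this example):
# O4 Run keys/Startup folder, O20 AppInit_DLLs/Winlogon Notify,
# O21 ShellServiceObjectDelayLoad, O22 SharedTaskScheduler, O23 services.
AUTOSTART_SECTIONS = {"O4", "O20", "O21", "O22", "O23"}

# Different tools spell the same registry hive differently.
HIVE_ALIASES = {
    "hkey_local_machine": "hklm",
    "hkey_current_user": "hkcu",
    "hkey_users": "hkus",
}

# Excerpt of the log saved 10.8.2007 (copied from the thread).
OLD_LOG = r"""
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# Excerpt of the log saved 11.8.2007 (copied from the thread).
NEW_LOG = r"""
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2688827086-591396934-1338908414-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'aston')
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""


def normalize(body):
    """Fold case, quotes, whitespace and hive spelling so cosmetic
    differences between scans do not show up as changes."""
    text = body.replace('"', "").casefold()
    for long_name, short_name in HIVE_ALIASES.items():
        text = text.replace(long_name, short_name)
    return re.sub(r"\s+", " ", text).strip()


def parse_entries(log_text):
    """Map (section, normalized body) -> original line for every entry line.
    Header lines and the 'Running processes' list are skipped."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries[(match.group(1), normalize(match.group(2)))] = line.strip()
    return entries


def diff_logs(old_text, new_text):
    """Return (removed, added) entry lines between two scans."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    removed = [old[key] for key in sorted(old.keys() - new.keys())]
    added = [new[key] for key in sorted(new.keys() - old.keys())]
    return removed, added


def new_autostarts(added):
    """Of the added entries, keep those in autostart sections: review these first."""
    return [line for line in added
            if line.split(" - ", 1)[0] in AUTOSTART_SECTIONS]


if __name__ == "__main__":
    removed, added = diff_logs(OLD_LOG, NEW_LOG)
    for line in removed:
        print("gone :", line)
    for line in added:
        print("new  :", line)
    for line in new_autostarts(added):
        print("check:", line)
```
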
     
  17. Auttaja

    Auttaja Guest

    Have that file checked anyway :)

    C:\WINDOWS\system32\kernel1.exe

    Make hidden files visible, and hide them again after the check.

    http://www.virustotal.com/

    Go to that page and upload the file using the "Browse" function.

    If the service is congested, use http://virusscan.jotti.org/

    Post the result in your next reply.

    =======

    Download Deckard's System Scanner to your Desktop.

    Note: You must have Administrator rights to run the program.

    - Close all open windows and programs.
    - Double-click the Dss.exe file to run the program, and follow the instructions.
    - When the scan is finished, 2 text files should open, Main.txt and Extra.txt.
    - Select all and copy (CTRL+A -> CTRL+C), then paste (CTRL+V).
    - Copy and paste the contents of Extra.txt & Main.txt into your next reply.
     
  18. many68

    many68 Regular member

    Here are a couple of reports again. DSS didn't produce anything other than main.txt this time???
    File kernel1.exe received on 08.12.2007 12:05:43 (CET)
    Result: 0/32 (0%)
    Antivirus          Version       Last Update  Result
    AhnLab-V3          2007.8.9.2    2007.08.10   -
    AntiVir            7.4.0.60      2007.08.10   -
    Authentium         4.93.8        2007.08.11   -
    Avast              4.7.1029.0    2007.08.11   -
    AVG                7.5.0.476     2007.08.11   -
    BitDefender        7.2           2007.08.12   -
    CAT-QuickHeal      9.00          2007.08.11   -
    ClamAV             0.91          2007.08.12   -
    DrWeb              4.33          2007.08.11   -
    eSafe              7.0.15.0      2007.08.10   -
    eTrust-Vet         31.1.5050     2007.08.11   -
    Ewido              4.0           2007.08.12   -
    FileAdvisor        1             2007.08.12   -
    Fortinet           2.91.0.0      2007.08.12   -
    F-Prot             4.3.2.48      2007.08.10   -
    F-Secure           6.70.13030.0  2007.08.11   -
    Ikarus             T3.1.1.12     2007.08.12   -
    Kaspersky          4.0.2.24      2007.08.12   -
    McAfee             5095          2007.08.10   -
    Microsoft          1.2704        2007.08.12   -
    NOD32v2            2452          2007.08.12   -
    Norman             5.80.02       2007.08.10   -
    Panda              9.0.0.4       2007.08.11   -
    Prevx1             V2            2007.08.12   -
    Rising             19.35.61.00   2007.08.12   -
    Sophos             4.19.0        2007.08.01   -
    Sunbelt            2.2.907.0     2007.08.11   -
    Symantec           10            2007.08.12   -
    TheHacker          6.1.7.167     2007.08.12   -
    VBA32              3.12.2.2      2007.08.11   -
    VirusBuster        4.3.26:9      2007.08.11   -
    Webwasher-Gateway  6.0.1         2007.08.12   -
    Additional information
    File size: 2148864 bytes
    MD5: bad2af30e110ffeb8d7354a11a2a72ef
    SHA1: 74618fd6f889725c90e0341458977f3cb555dd61



    Deckard's System Scanner v20070809.63
    Run by Koti on 2007-08-12 at 13:16:38
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 0.2 GiB (less than 15%) free.


    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-08-12 13:17:10
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    D:\Comodo\Firewall\cmdagent.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Stardock\sdmcp.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\soundman.exe
    C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    D:\Comodo\Firewall\cpf.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    D:\Documents and Settings\Koti\Työpöytä\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - D:\Windows skinit\PC Into Mac ohjelmat\WebBlinds\WebBlinds.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
    O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O4 - HKEY_LOCAL_MACHINE\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKEY_LOCAL_MACHINE\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\ctnotify.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKEY_LOCAL_MACHINE\..\Run: [UltraMon] "D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe" /auto
    O4 - HKEY_LOCAL_MACHINE\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [COMODO Firewall Pro] "D:\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Aureon 5.1 Fun Mixer] C:\WINDOWS\system32\Aureon 5.1 Fun Mixer.exe /minimize
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: cnxUnins.bat
    O4 - Startup: Stardock ObjectDock.lnk = D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: C:\Program Files\Bonjour\mdnsNSP.dll
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O20 - AppInit_DLLs: wbsys.dll
    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\MCPStub.dll
    O20 - Winlogon Notify: WBSrv - D:\WindowBlinds\WbSrv.dll
    O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\MCPCore.dll
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
    O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - "C:\Program Files\Bonjour\mDNSResponder.exe"
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - "c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - "c:\APPS\Powercinema\Kernel\TV\CLSched.exe"
    O23 - Service: CyberLink Media Library Service - Cyberlink - "C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    O23 - Service: ISSVC - Unknown owner - "C:\Program Files\Norton Internet Security\ISSVC.exe"
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Unknown owner - "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
    O23 - Service: SAVScan - Unknown owner - "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
    O23 - Service: StyleXPService - Unknown owner - "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    -- Files created between 2007-07-12 and 2007-08-12 -----------------------------

    2007-08-11 17:56:35 0 d-------- D:\Documents and Settings\aston\Application Data\Comodo
    2007-08-11 17:29:46 0 d-------- D:\Documents and Settings\Koti\Application Data\Comodo
    2007-08-11 17:29:43 0 d-------- D:\Documents and Settings\All Users\Application Data\Comodo
    2007-08-11 17:26:24 0 d-------- D:\Comodo
    2007-08-10 17:05:39 1327 --a------ D:\Documents and Settings\Koti\clean.reg
    2007-08-10 16:23:58 0 d-------- C:\WINDOWS\ERUNT
    2007-08-10 16:12:21 2534 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-10 15:50:50 0 d-------- D:\Deckard
    2007-08-10 15:50:12 0 d-------- C:\Program Files\Common Files\Java
    2007-08-01 17:38:04 0 d-------- D:\Documents and Settings\All Users\Application Data\Ubisoft
    2007-07-30 20:12:17 0 d-------- C:\WINDOWS\Profiles
    2007-07-30 20:12:09 0 d-------- D:\Documents and Settings\Koti\Application Data\InterTrust
    2007-07-30 20:11:31 0 d-------- C:\WINDOWS\_ISTMP1.DIR
    2007-07-20 02:00:28 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-07-20 01:58:08 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-07-20 01:58:08 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-07-18 18:36:09 69632 -ra------ C:\WINDOWS\system32\xmltok.dll
    2007-07-18 18:36:09 36864 -ra------ C:\WINDOWS\system32\xmlparse.dll
    2007-07-18 18:36:08 0 d-------- C:\Program Files\Ubi Soft
    2007-07-15 22:37:14 0 d-------- C:\WINDOWS\system32\FlashAX
    2007-07-13 12:49:41 491520 --a------ C:\WINDOWS\Au51Fun.exe <Not Verified; TerraTec Electronics GmbH; Aureon Fun Mixer Application>
    2007-07-13 12:47:25 0 d-------- C:\WINDOWS\system32\VIRepair
    2007-07-12 04:11:01 0 d--h----- C:\WINDOWS\system32\channels


    -- Find3M Report ---------------------------------------------------------------

    2007-12-09 00:32:40 487936 --a------ C:\WINDOWS\system32\rmbe3260.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealProducer Build Engine (32-bit)>
    2007-12-09 00:32:40 87040 --a------ C:\WINDOWS\system32\ra32sipr.dll <Not Verified; RealNetworks, Inc.; RealMedia Shared Component (32-bit)>
    2007-12-09 00:32:40 21504 --a------ C:\WINDOWS\system32\ra32dnet.dll <Not Verified; RealNetworks, Inc.; RealAudio(tm) Shared Component (32-bit)>
    2007-12-09 00:32:40 72704 --a------ C:\WINDOWS\system32\ra3228_8.dll <Not Verified; RealNetworks, Inc.; 28.8 Audio Codec for RealAudio(tm) (32-bit) RealVideo Encoder SDK 5.0>
    2007-12-09 00:32:40 81920 --a------ C:\WINDOWS\system32\ra3214_4.dll <Not Verified; RealNetworks, Inc.; 14.4 Audio Codec for RealAudio(tm) (32-bit) RealVideo Encoder SDK 5.0>
    2007-12-09 00:32:40 352768 --a------ C:\WINDOWS\system32\pngu3263.dll <Not Verified; RealNetworks, Inc.; RealPlayer (32-bit)>
    2007-12-09 00:32:40 131072 --a------ C:\WINDOWS\system32\pneng50.dll <Not Verified; RealNetworks, Inc.; RealNetworks RealVideo Encoder Engine (32-bit)>
    2007-12-09 00:32:40 130560 --a------ C:\WINDOWS\system32\pnc3250.dll <Not Verified; RealNetworks, Inc.; Low-Level API for RealAudio(tm) Encoder (32-bit)>
    2007-12-09 00:32:40 85504 --a------ C:\WINDOWS\system32\encdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio(tm) Shared Component (32-bit)>
    2007-12-09 00:32:40 61952 --a------ C:\WINDOWS\system32\decdnet.dll <Not Verified; RealNetworks, Inc.; RealAudio(tm) Shared Component (32-bit)>
    2007-08-11 22:31:43 0 d-------- C:\Program Files\MSN Messenger
    2007-08-11 19:23:48 0 d-------- C:\Program Files\TopDesk
    2007-08-11 19:23:47 0 d-------- C:\Program Files\Movie Maker
    2007-08-11 11:44:20 0 d-------- D:\Documents and Settings\Koti\Application Data\LimeWire
    2007-08-10 15:50:37 0 d-------- C:\Program Files\Java
    2007-08-10 15:50:12 0 d-------- C:\Program Files\Common Files
    2007-08-03 18:15:24 393762 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-08-03 18:15:24 83516 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-08-03 13:34:19 0 d-------- C:\Program Files\Common Files\HP
    2007-08-03 13:02:44 0 d-------- D:\Documents and Settings\Koti\Application Data\Adobe
    2007-08-01 17:21:53 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-30 20:12:09 0 d-------- C:\Program Files\Common Files\Adobe
    2007-07-21 18:06:27 0 d-------- C:\Program Files\VstPlugins
    2007-07-20 02:09:00 0 d-------- C:\Program Files\DivX
    2007-07-13 14:54:44 0 --a------ D:\Documents and Settings\Koti\Application Data\.googlewebacchosts
    2007-07-09 22:07:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-09 22:05:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-07-09 22:05:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-07-09 22:05:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-07-09 22:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-09 22:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-09 22:05:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-09 22:05:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-05 04:16:24 2148864 --a------ C:\WINDOWS\system32\kernel1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® -käyttöjärjestelmä>
    2007-07-05 03:19:47 6112 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2007-07-05 03:19:46 56300 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2007-07-05 02:38:50 0 d-------- D:\Documents and Settings\Koti\Application Data\ViStart
    2007-07-04 12:40:12 467 --a------ C:\WINDOWS\system32\Datei9
    2007-07-04 12:40:12 467 --a------ C:\WINDOWS\system32\Datei8
    2007-07-04 12:40:12 469 --a------ C:\WINDOWS\system32\Datei7
    2007-07-04 12:40:12 465 --a------ C:\WINDOWS\system32\Datei6
    2007-07-04 12:40:12 469 --a------ C:\WINDOWS\system32\Datei5
    2007-07-04 12:40:12 471 --a------ C:\WINDOWS\system32\Datei4
    2007-07-04 12:40:12 470 --a------ C:\WINDOWS\system32\Datei3
    2007-07-04 12:40:12 471 --a------ C:\WINDOWS\system32\Datei2
    2007-07-04 12:40:12 467 --a------ C:\WINDOWS\system32\Datei10
    2007-07-04 12:40:12 470 --a------ C:\WINDOWS\system32\Datei1
    2007-07-04 12:40:12 468 --a------ C:\WINDOWS\system32\Datei0
    2007-06-30 12:28:13 0 d-------- C:\Program Files\Winamp
    2007-06-25 15:50:40 0 d-------- D:\Documents and Settings\Koti\Application Data\Vso
    2007-06-17 11:55:13 0 d-------- C:\Program Files\Windows Live
    2007-06-13 22:42:05 36108 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2007-06-13 22:42:04 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2007-06-13 22:29:22 0 d-------- C:\Program Files\Common Files\DigiDesign
    2007-06-06 00:09:57 4276 --a------ C:\WINDOWS\mozver.dat
    2007-06-02 01:25:48 34 --a------ D:\Documents and Settings\Koti\Application Data\pcouffin.log
    2007-06-02 01:25:44 47360 --a------ D:\Documents and Settings\Koti\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2007-06-02 01:25:44 1144 --a------ D:\Documents and Settings\Koti\Application Data\pcouffin.inf
    2007-06-02 01:25:44 7887 --a------ D:\Documents and Settings\Koti\Application Data\pcouffin.cat
    2007-05-19 23:52:11 532480 --a------ C:\WINDOWS\system32\Minutes until Midnight-Linkin Park.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
    2007-05-17 22:13:40 86 --ahs---- D:\Documents and Settings\Koti\Application Data\desktop.ini
    2007-05-12 23:04:06 7853568 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® -käyttöjärjestelmä>
    2007-05-12 15:31:12 55 --ah----- C:\WINDOWS\sysreg.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "1A:Stardock TrayMonitor"="C:\Program Files\Common Files\stardock\TrayServer.exe" [14.02.2003 04:57]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05.08.2005 21:05]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [21.10.2005 11:25]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [07.12.2005 10:26]
    "Disc Detector"="C:\Program Files\Creative\ShareDLL\ctnotify.exe" []
    "SoundMan"="SOUNDMAN.EXE" [17.11.2006 06:42 C:\WINDOWS\soundman.exe]
    "UltraMon"="D:\Windows skinit\PC Into Mac ohjelmat\Ultramon\UltraMon.exe" [12.10.2006 22:27]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [11.12.2007 04:59]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]
    "COMODO Firewall Pro"="D:\Comodo\Firewall\CPF.exe" [11.08.2007 17:26]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [24.05.2006 21:31]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 14:00]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" []
    "LClock"="C:\Program Files\LClock\LClock.exe" []
    "Aureon 5.1 Fun Mixer"="C:\WINDOWS\system32\Aureon 5.1 Fun Mixer.exe" []

    D:\Documents and Settings\Koti\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.3.2005 21:16:50]
    cnxUnins.bat [13.5.2007 17:08:36]
    Stardock ObjectDock.lnk - D:\Windows skinit\PC Into Mac ohjelmat\ObjectDock Plus_1.5 build 528u+Crack\ObjectDock\ObjectDock.exe [13.1.2007 21:33:23]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 31.01.2005 16:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    D:\WINDOW~2\wbsrv.dll 06.12.2005 22:16 176128 D:\WINDOW~2\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone Fast Start.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Last.fm Helper.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Last.fm Helper.lnk
    backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Run Google Web Accelerator.lnk]
    path=D:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Run Google Web Accelerator.lnk
    backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^Thoosje Sidebar .lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\Thoosje Sidebar .lnk
    backup=C:\WINDOWS\pss\Thoosje Sidebar .lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^TransBar.lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\TransBar.lnk
    backup=C:\WINDOWS\pss\TransBar.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^Vista Search.lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\Vista Search.lnk
    backup=C:\WINDOWS\pss\Vista Search.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Koti^Käynnistä-valikko^Ohjelmat^Käynnistys^Y'z Shadow.lnk]
    path=D:\Documents and Settings\Koti\Käynnistä-valikko\Ohjelmat\Käynnistys\Y'z Shadow.lnk
    backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    c:\apps\ABoard\ABoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    D:\Program Files\Detector\CTDetect.exe /R

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
    D:\Windows skinit\PC Into Mac ohjelmat\cursor\CursorXP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "F:\Mika\Ohjelmat jne\DAemon\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
    "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
    C:\WINDOWS\system32\ElkCtrl.exe /automation

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
    "D:\Windows skinit\PC Into Mac ohjelmat\LogonStudio\logonstudio.exe" /RANDOM

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    C:\WINDOWS\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orbit]
    D:\Windows skinit\Orbit\Orbit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "c:\Apps\Powercinema\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    D:\ISOPower\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb]
    C:\Program Files\ViOrb\ViOrb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
    C:\Program Files\Vista Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
    C:\Program Files\ViStart\ViStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
    C:\Program Files\VisualTooltip\VisualToolTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowFX]
    D:\WINDOW~1\PCINTO~1\WindowFX\\wfxload.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UleadBurningHelper"=2 (0x2)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=3 (0x3)
    "navapsvc"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "SAVScan"=3 (0x3)
    "rpcapd"=3 (0x3)
    "ISSVC"=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    AutoRun\command- K:\setup.exe




    -- End of Deckard's System Scanner: finished at 2007-08-12 at 13:17:29 ---------

     
  19. many68

    many68 Regular member

    What is this? I thought I'd scan it with VirusTotal, since that KIT folder always shows up in virus-related stuff, and my son at least doesn't know of it being anything he needs... Does deleting the whole folder help?


    File scvhost.0xe received on 08.12.2007 12:26:34 (CET)
    Antivirus Version Last Update Result
    AhnLab-V3 2007.8.9.2 2007.08.10 Win-AppCare/MircPack.1653760
    AntiVir 7.4.0.60 2007.08.10 -
    Authentium 4.93.8 2007.08.11 -
    Avast 4.7.1029.0 2007.08.11 -
    AVG 7.5.0.476 2007.08.11 -
    BitDefender 7.2 2007.08.12 Backdoor.Mirc.BV
    CAT-QuickHeal 9.00 2007.08.11 W32.Mirc.Flood
    ClamAV 0.91 2007.08.12 -
    DrWeb 4.33 2007.08.11 -
    eSafe 7.0.15.0 2007.08.10 -
    eTrust-Vet 31.1.5050 2007.08.11 -
    Ewido 4.0 2007.08.12 -
    FileAdvisor 1 2007.08.12 Low threat detected
    Fortinet 2.91.0.0 2007.08.12 W32/IRCFlood.CD!tr
    F-Prot 4.3.2.48 2007.08.10 -
    F-Secure 6.70.13030.0 2007.08.11 Backdoor.Win32.mIRC-based
    Ikarus T3.1.1.12 2007.08.12 Backdoor.IRC.mIRC-based
    Kaspersky 4.0.2.24 2007.08.12 not-a-virus:Client-IRC.Win32.mIRC.591
    McAfee 5095 2007.08.10 IRC/Flood.mirc
    Microsoft 1.2704 2007.08.12 -
    NOD32v2 2452 2007.08.12 -
    Norman 5.80.02 2007.08.10 -
    Panda 9.0.0.4 2007.08.11 Suspicious file
    Prevx1 V2 2007.08.12 Generic.Malware
    Rising 19.35.61.00 2007.08.12 Trojan.IRC.MIRC-based
    Sophos 4.19.0 2007.08.01 -
    Sunbelt 2.2.907.0 2007.08.11 Backdoor.Win32.Dumador.c
    Symantec 10 2007.08.12 IRC Trojan
    TheHacker 6.1.7.167 2007.08.12 Aplicacion/mIRC.591
    VBA32 3.12.2.2 2007.08.11 BackDoor.IRC.based
    VirusBuster 4.3.26:9 2007.08.11 -
    Webwasher-Gateway 6.0.1 2007.08.12 Riskware.mIRC-1682432.A.1
    Additional information
    File size: 1682432 bytes
    MD5: e07274cd16810b5dc280d9699fce2c8e
    SHA1: 26234450b0202ae2a92f20753aef15bf2155d7d2
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=e07274cd16810b5dc280d9699fce2c8e
    Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=0E6F77330060F9D5AC1F190324A66F00D644E74A

     
  20. Auttaja

    Auttaja Guest

    Yes.. true, the folder belongs to those trojans, so just delete the whole folder C:\Kit, and at the same time this one: C:\WINDOWS\Drivers\Microsoft\

    (it does not really belong to Microsoft)

    =======

    Let's also check with this scanner :)

    Kaspersky online scanner

    Scan your computer with the Kaspersky Online Scanner

    You will be asked whether you allow the installation of an ActiveX component from Kaspersky; click Yes.
    [*] The program starts and begins downloading the latest definition files.
    [*] Once the scanner has been installed and the definitions downloaded, click Next.
    [*] Now click the settings, Scan Settings
    [*] Check in the settings that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (if available, otherwise choose Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

    [*] Click OK
    [*] Now, under the "select a target to scan" heading, choose My Computer (Oma Tietokone)
    [*] The scan takes time, so be patient. When the scan is finished, you will be notified if your computer is infected.
    [*] Now click the Save as Text button.
    [*] Save the file to your desktop.
    [*] Copy and paste the contents of the file into your next reply.
     
    Last edited by a moderator: 12.08.2007
  21. many68

    many68 Regular member

    It looks like that Kaspersky report is too big to post here (over 8 MB); it is being sent on that other page, but it may never arrive... Are there other ways?
     
