CPU usage 100%
21 November 2009 @ 00:08
Computer slow and laggy <- new computer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:28, on 23.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system\CMGxMon.exe
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE
C:\Windows\System32\wpcumi.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Windows\System32\ojz1130.tmp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Uniblue\RegistryBooster 2009\registrybooster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Yamicsoft\Vista Manager\VistaManager.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Cmaudio8768GX] C:\Windows\system\CmGXMon.exe Envoke
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [ojz1130.tmp.exe] C:\Windows\system32\ojz1130.tmp.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [UnibluePowerSuite] C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/ve...vex-2.2.5.0.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/c...opAntiVirus.dll
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6446A87-6AF1-4B6A-946A-ABC56B11F795}: NameServer = 66.90.65.89,4.2.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

--
End of file - 9352 bytes


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.8.1.2592. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 23:59:42 20 marras 2009
Using Database v7425
Operating System: Windows 7 Home Premium [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Windows\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Windows\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2592. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 23:59:06 20 marras 2009
Using Database v7425
Operating System: Windows 7 Home Premium [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Windows\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Windows\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
23:59:06: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
23:59:07: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2613248 bytes
Created: 9.11.2009 19:19
Modified: 3.8.2009 7:35
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
26112 bytes
Created: 14.7.2009 1:34
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: F-Secure Manager
Value Data: "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE
199264 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
--------------------
Value Name: F-Secure TNB
Value Data: "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe
2349664 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
--------------------
Value Name: CmPCIaudio
Value Data: RunDll32 CMICNFG3.cpl,CMICtrlWnd
CMICNFG3.cpl - [file not found to scan]
--------------------
Value Name: Kernel and Hardware Abstraction Layer
Value Data: KHALMNPR.EXE
C:\Windows\KHALMNPR.EXE
55824 bytes
Created: 12.11.2009 15:25
Modified: 17.6.2009 12:55
Company: Logitech, Inc.
--------------------
Value Name: BDRegion
Value Data: C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
75048 bytes
Created: 15.11.2009 13:26
Modified: 1.9.2009 17:00
Company: cyberlink
--------------------
Value Name: StartCCC
Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
98304 bytes
Created: 4.11.2009 9:52
Modified: 4.11.2009 9:52
Company: Advanced Micro Devices, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 20.11.2009 18:01
Modified: 20.11.2009 18:02
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: SpeedBitVideoAccelerator
Value Data: C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
1435240 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
--------------------
Value Name: DriverMax
Value Data: "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
7924056 bytes
Created: 9.11.2009 20:18
Modified: 30.9.2009 15:48
Company: Innovative Solutions
--------------------
Value Name: DriverMax_RESTART
Value Data: "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
7924056 bytes
Created: 9.11.2009 20:18
Modified: 30.9.2009 15:48
Company: Innovative Solutions
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
C:\Program Files\DAEMON Tools Lite\DTLite.exe
369200 bytes
Created: 30.10.2009 13:57
Modified: 30.10.2009 13:57
Company: DT Soft Ltd
--------------------
Value Name: Sidebar
Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe
1173504 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
Value Name: EA Core
Value Data: "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
C:\Program Files\Electronic Arts\EADM\Core.exe - [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
23:59:09: Scanning -----SHELLEXECUTEHOOKS-----

************************************************************
23:59:09: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
23:59:09: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
23:59:09: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
23:59:09: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: UxTuneUp
Path: %SystemRoot%\System32\uxtuneup.dll
C:\Windows\System32\uxtuneup.dll
30024 bytes
Created: 1.11.2009 0:14
Modified: 13.11.2009 10:45
Company: TuneUp Software
--------------------

************************************************************
23:59:09: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AMD External Events Utility
ImagePath: %SystemRoot%\system32\atiesrxx.exe
C:\Windows\system32\atiesrxx.exe
172032 bytes
Created: 4.11.2009 17:45
Modified: 4.11.2009 17:45
Company: AMD
----------
Key: AmdLLD
ImagePath: system32\DRIVERS\AmdLLD.sys
C:\Windows\system32\DRIVERS\AmdLLD.sys
42552 bytes
Created: 19.11.2009 18:08
Modified: 22.4.2009 14:32
Company: Advanced Micro Devices
----------
Key: AmdPPM
ImagePath: system32\DRIVERS\amdppm.sys
C:\Windows\system32\DRIVERS\amdppm.sys
52736 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 1:11
Company: Microsoft Corporation
----------
Key: amdsata
ImagePath: \SystemRoot\system32\DRIVERS\amdsata.sys
C:\Windows\system32\DRIVERS\amdsata.sys
79952 bytes
Created: 10.6.2009 23:19
Modified: 14.7.2009 3:26
Company: Advanced Micro Devices
----------
Key: amdxata
ImagePath: system32\DRIVERS\amdxata.sys
C:\Windows\system32\DRIVERS\amdxata.sys
23616 bytes
Created: 14.7.2009 0:09
Modified: 14.7.2009 3:26
Company: Advanced Micro Devices
----------
Key: archlp
ImagePath: system32\drivers\archlp.sys
C:\Windows\system32\drivers\archlp.sys - [file not found to scan]
----------
Key: AtiHdmiService
ImagePath: system32\drivers\AtiHdmi.sys
C:\Windows\system32\drivers\AtiHdmi.sys
104976 bytes
Created: 18.11.2009 14:12
Modified: 30.9.2009 16:33
Company: ATI Technologies, Inc.
----------
Key: cmuda3
ImagePath: system32\drivers\cmudax3.sys
C:\Windows\system32\drivers\cmudax3.sys
1872320 bytes
Created: 13.11.2009 16:48
Modified: 15.6.2009 15:08
Company: C-Media Inc
----------
Key: F-Secure Filter
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
39776 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: F-Secure Gatekeeper
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys
101496 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:38
Company: F-Secure Corporation
----------
Key: F-Secure Gatekeeper Handler Starter
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe"
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
215648 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: F-Secure HIPS
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys
C:\Program Files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys
68064 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
----------
Key: F-Secure Recognizer
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
25184 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
655624 bytes
Created: 18.10.2007 16:07
Modified: 18.10.2007 16:07
Company: Acresso Software Inc.
----------
Key: fsbts
ImagePath: system32\Drivers\fsbts.sys
C:\Windows\system32\Drivers\fsbts.sys
33920 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:39
Company: F-Secure Corporation
----------
Key: FSDFWD
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe"
C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
522848 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:59
Company: F-Secure Corporation
----------
Key: FSES
ImagePath: System32\drivers\fses.sys
C:\Windows\System32\drivers\fses.sys
35680 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
----------
Key: FSFW
ImagePath: System32\drivers\fsdfw.sys
C:\Windows\System32\drivers\fsdfw.sys
71040 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
----------
Key: FSMA
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE"
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
186976 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
----------
Key: FSORSPClient
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe"
C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
55928 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:37
Company: F-Secure Corporation
----------
Key: fssfltr
ImagePath: system32\DRIVERS\fssfltr.sys
C:\Windows\system32\DRIVERS\fssfltr.sys
54632 bytes
Created: 3.10.2009 16:01
Modified: 5.8.2009 21:48
Company: Microsoft Corporation
----------
Key: fsssvc
ImagePath: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
704864 bytes
Created: 5.8.2009 21:48
Modified: 5.8.2009 21:48
Company: Microsoft Corporation
----------
Key: fsvista
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys
12384 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\Windows\system32\DRIVERS\irsir.sys
20992 bytes
Created: 19.1.2008 5:55
Modified: 19.1.2008 5:55
Company: Microsoft Corporation
----------
Key: LGDDCDevice
ImagePath: \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys
C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys
14336 bytes
Created: 3.10.2009 16:08
Modified: 12.12.2008 14:27
Company: [no info]
----------
Key: LGII2CDevice
ImagePath: \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys
C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys
18432 bytes
Created: 3.10.2009 16:08
Modified: 12.12.2008 14:27
Company: [no info]
----------
Key: Nero BackItUp Scheduler 4.0
ImagePath: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
935208 bytes
Created: 23.9.2009 13:38
Modified: 23.9.2009 13:38
Company: Nero AG
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\nvm62x32.sys
C:\Windows\system32\DRIVERS\nvm62x32.sys
347264 bytes
Created: 10.6.2009 23:18
Modified: 14.7.2009 0:02
Company: NVIDIA Corporation
----------
Key: NVNET
ImagePath: system32\DRIVERS\nvmf6232.sys
C:\Windows\system32\DRIVERS\nvmf6232.sys
287392 bytes
Created: 13.11.2009 16:47
Modified: 30.7.2009 17:12
Company: NVIDIA Corporation
----------
Key: nvsmu
ImagePath: system32\DRIVERS\nvsmu.sys
C:\Windows\system32\DRIVERS\nvsmu.sys
17920 bytes
Created: 10.11.2009 21:55
Modified: 29.6.2009 0:36
Company: NVIDIA Corporation
----------
Key: PDAgent
ImagePath: "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe"
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
939272 bytes
Created: 7.10.2009 10:04
Modified: 7.10.2009 10:04
Company: Raxco Software, Inc.
----------
Key: PDEngine
ImagePath: "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe"
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
1033480 bytes
Created: 7.10.2009 10:05
Modified: 7.10.2009 10:05
Company: Raxco Software, Inc.
----------
Key: PnkBstrA
ImagePath: C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrA.exe
66872 bytes
Created: 3.10.2009 14:32
Modified: 3.10.2009 14:32
Company: [no info]
----------
Key: PnkBstrB
ImagePath: C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\PnkBstrB.exe
107832 bytes
Created: 3.10.2009 14:32
Modified: 20.10.2009 16:22
Company: [no info]
----------
Key: rdpbus
ImagePath: \SystemRoot\system32\DRIVERS\rdpbus.sys
C:\Windows\system32\DRIVERS\rdpbus.sys
18944 bytes
Created: 14.7.2009 2:02
Modified: 14.7.2009 2:02
Company: Microsoft Corporation
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
240512 bytes
Created: 19.5.2009 10:36
Modified: 19.5.2009 10:36
Company: Microsoft Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: TuneUp.Defrag
ImagePath: C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
435016 bytes
Created: 1.11.2009 0:14
Modified: 13.11.2009 21:12
Company: TuneUp Software
----------
Key: TuneUp.UtilitiesSvc
ImagePath: "C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe"
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
1021256 bytes
Created: 13.11.2009 10:49
Modified: 13.11.2009 10:49
Company: TuneUp Software
----------
Key: TuneUpUtilitiesDrv
ImagePath: \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
10064 bytes
Created: 14.10.2009 7:24
Modified: 14.10.2009 7:24
Company: TuneUp Software
----------
Key: VideoAcceleratorService
ImagePath: C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
300656 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
----------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUsb.sys
C:\Windows\system32\DRIVERS\WinUsb.sys
34944 bytes
Created: 14.7.2009 1:51
Modified: 14.7.2009 1:51
Company: Microsoft Corporation
----------
Key: wlidsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1533808 bytes
Created: 30.3.2009 15:28
Modified: 30.3.2009 15:28
Company: Microsoft Corporation
----------
Key: {B154377D-700F-42cc-9474-23858FBDF4BD}
ImagePath: \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl
C:\Program Files\CyberLink\PowerDVD9\000.fcl
87536 bytes
Created: 1.9.2009 16:59
Modified: 1.9.2009 16:59
Company: CyberLink Corp.
----------

************************************************************
23:59:14: Scanning -----VXD ENTRIES-----

************************************************************
23:59:14: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]

************************************************************
23:59:14: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
2250024 bytes
Created: 24.9.2009 17:07
Modified: 24.9.2009 17:07
Company: Nero AG
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\Trojan Remover\Trshlex.dll
C:\PROGRA~1\Trojan Remover\Trshlex.dll
479744 bytes
Created: 20.11.2009 18:01
Modified: 3.5.2009 17:16
Company: Simply Super Software
----------
Key: TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path: C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
30536 bytes
Created: 13.11.2009 10:46
Modified: 13.11.2009 10:46
Company: TuneUp Software
----------
Key: {23814B80-52A2-11d0-BC1A-004095606CB9}
Path: C:\Program Files\Sonera\Sonera Tietoturva\Common\fpshx.dll
C:\Program Files\Sonera\Sonera Tietoturva\Common\fpshx.dll
64168 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------

************************************************************
23:59:15: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
371712 bytes
Created: 16.4.2009 13:17
Modified: 16.4.2009 13:17
Company: Sun Microsystems, Inc.
----------
Key: {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B}
File: C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
2135336 bytes
Created: 17.9.2009 13:35
Modified: 17.9.2009 13:35
Company: Nero AG
----------

************************************************************
23:59:15: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}
BHO: C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
2655736 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company:
----------
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
137600 bytes
Created: 19.5.2009 10:36
Modified: 19.5.2009 10:36
Company: Microsoft Corporation
----------
Key: {C6867EB7-8350-4856-877F-93CF8AE3DC9C}
BHO: C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
531040 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:59
Company: F-Secure Corporation
----------
Key: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
BHO: C:\Program Files\Windows Live\Toolbar\wltcore.dll
C:\Program Files\Windows Live\Toolbar\wltcore.dll
1068904 bytes
Created: 6.2.2009 17:17
Modified: 6.2.2009 17:17
Company: Microsoft Corporation
----------
Key: {FF7C3CF0-4B15-11D1-ABED-709549C10000}
BHO: C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
185944 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
----------

************************************************************
23:59:15: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
23:59:15: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan

************************************************************
23:59:15: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
23:59:15: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
23:59:16: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
23:59:16: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14.7.2009 6:41
Modified: 15.11.2009 11:26
Company: [no info]
--------------------

************************************************************
23:59:16: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Windows
[C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 2.10.2009 15:57
Modified: 9.11.2009 18:56
Company: [no info]
----------
LimeWire On Startup.lnk - links to C:\PROGRA~1\LimeWire\LimeWire.exe
C:\PROGRA~1\LimeWire\LimeWire.exe
503808 bytes
Created: 30.9.2009 18:06
Modified: 30.9.2009 18:06
Company: Lime Wire, LLC
----------
--------------------

************************************************************
23:59:16: Scanning ----- SCHEDULED TASKS -----
Taskname: {287E119D-0ED2-4C54-8EAE-BA6F9F44F1BB}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\InstallHelper.exe" -c "C:\Program Files\Electronic Arts\The Sims 3\Mods\Packages\[ana@66S] Dinner Party.package"
----------
Taskname: {32FF45E6-7363-42FC-8F4C-881B29EE1347}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\Downloads\SDFix.exe -d C:\Windows\system32
----------
Taskname: {541E934A-7B30-4574-8A04-F70D04FEC31E}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Windows\System\CMICNFG3.cpl
----------
Taskname: {5A1165A9-9E01-4A18-9EC9-F4DCB5277A28}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x000b -removeonly
----------
Taskname: {5A56B5AB-E303-4B18-91FE-F50859537870}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\AppData\Local\Temp\FooPlugin0.9Setup_2.1.exe -d "C:\Program Files\Last.fm" -c /SILENT /DIR="C:\Program Files\Spotify\components\"
----------
Taskname: {76B4052F-5980-44FF-AD04-92B33B076E2D}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\AppData\Local\Temp\Rar$EX00.207\TS3InstallHelper.exe -d C:\Users\Windows\AppData\Local\Temp\Rar$EX00.207 -c /UAC:206D4 /NCRC
----------
Taskname: {AD92A0D9-2C37-4A2B-AE95-3C11C7691D38}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCCHRDWB\Firefox%20Setup%203.5.5[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: {CFC14368-E5C0-48C2-B0C1-56B9AB320110}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXQ0I92F\9-9_vista32-64_hydravision[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: {E06AAB02-A5F7-4881-8E4F-42BEA8EA7F35}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\Downloads\The Sims 3 v1.3.2 Crack +Patch [Hirya]\The Sims 3 v1.27 to v1.3.2.exe" -d "C:\Users\Windows\Downloads\The Sims 3 v1.3.2 Crack +Patch [Hirya]"
----------
Taskname: {EDBCD0B4-46A9-4906-8380-E022F78249FB}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Windows\uninstall\Satellite TV for PC Elite\setup.exe"
----------
Taskname: {F1888B49-A348-447B-9AFF-3C374B53F55B}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTJVF0OU\9-9_vista32_win7_32_dd[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: Automatic troubleshooting
File: C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
316232 bytes
Created: 13.11.2009 10:54
Modified: 13.11.2009 10:54
Company: TuneUp Software
Schedule: Multiple schedule times
Next Run Time: 21.11.2009 20:00:00
Status: Queued
Status:
Comments: Starts automatic troubleshooting at specific times
----------
Taskname: FileHippo.com Update Checker
File: C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
155648 bytes
Created: 28.9.2009 11:49
Modified: 28.9.2009 11:49
Company: FileHippo.com
Parameters: /background
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:81C859F3
----------
Taskname: InstallShield Software update service
File: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Parameters: -startup
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:04D036CE
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe - [file not found to scan]
----------
Taskname: InstallShield Software-Aktualisierungsdienst
File: C:\PROGRA~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe
196608 bytes
Created: 3.10.2009 16:08
Modified: 17.4.2004 11:41
Company: InstallShield Software Corporation
Parameters: -startup
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:7CBD3F7F
----------
Taskname: Java Update Scheduler
File: C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
149280 bytes
Created: 3.10.2009 15:10
Modified: 5.11.2009 16:37
Company: Sun Microsystems, Inc.
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:819099AB
----------
Taskname: TuneUpUtilities_Task_BkGndMaintenance
File: C:\Program Files\TuneUp Utilities 2010\OneClick.exe
C:\Program Files\TuneUp Utilities 2010\OneClick.exe
649544 bytes
Created: 13.11.2009 10:55
Modified: 13.11.2009 10:55
Company: TuneUp Software
Parameters: $(Arg0)
Schedule: Task not scheduled
Next Run Time:
Status: Ready
Status:
Comments:
----------
Taskname: User_Feed_Synchronization-{BCAE4A76-79EC-4515-8B11-3CC294757FFB}
File: C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\msfeedssync.exe
12800 bytes
Created: 14.7.2009 1:42
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
Parameters: sync
Schedule: At 22:12:29 every day
Next Run Time: 21.11.2009 0:12:29
Status: Ready
Status: Windows-PC\Windows
Comments: Päivittää vanhentuneet järjestelmäsyötteet.
----------

************************************************************
23:59:17: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File: %SystemRoot%\system32\ntshrui.dll
C:\Windows\system32\ntshrui.dll
442880 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:16
Company: Microsoft Corporation
----------

************************************************************
23:59:17: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.divxa32
File: msaud32_divx.acm
C:\Windows\system32\msaud32_divx.acm
186368 bytes
Created: 3.2.2003 8:01
Modified: 3.2.2003 8:01
Company: Microsoft Corporation
----------
Value: msacm.l3codecp
File: l3codecp.acm
C:\Windows\system32\l3codecp.acm
220672 bytes
Created: 14.7.2009 2:09
Modified: 14.7.2009 3:14
Company: Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: vidc.VP60
File: C:\Windows\system32\vp6vfw.dll
C:\Windows\system32\vp6vfw.dll
-R- 447752 bytes
Created: 4.9.2008 20:17
Modified: 4.9.2008 20:17
Company: On2.com
----------
Value: vidc.VP61
File: C:\Windows\system32\vp6vfw.dll
C:\Windows\system32\vp6vfw.dll - file already scanned
----------

************************************************************
23:59:17: ----- ADDITIONAL CHECKS -----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp
C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp
5184054 bytes
Created: 25.10.2009 16:58
Modified: 19.11.2009 23:44
Company: [no info]
----------
Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\img24.jpg
C:\Windows\web\wallpaper\img24.jpg - [file not found to scan]
----------
DNS Server information:
Interface: NVIDIA nForce Networking Controller
NameServers: 66.90.65.89,4.2.2.1
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
23:59:18: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
69632 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe
6144 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\wininit.exe
96256 bytes
Created: 14.7.2009 1:36
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe - file already scanned
--------------------
C:\Windows\system32\services.exe
259072 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsass.exe
22528 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsm.exe
261120 bytes
Created: 14.7.2009 2:02
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\winlogon.exe
285696 bytes
Created: 14.7.2009 1:37
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe
20992 bytes
Created: 14.7.2009 1:19
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\atiesrxx.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\atieclxx.exe
360448 bytes
Created: 4.11.2009 17:45
Modified: 4.11.2009 17:45
Company: AMD
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\spoolsv.exe
316416 bytes
Created: 14.7.2009 2:18
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
144672 bytes
Created: 28.8.2009 18:42
Modified: 28.8.2009 18:42
Company: Apple Inc.
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12.12.2008 10:17
Modified: 12.12.2008 10:17
Company: Apple Inc.
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
476800 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:36
Company: F-Secure Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE - file already scanned
--------------------
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
73728 bytes
Created: 20.8.2009 13:34
Modified: 20.8.2009 13:34
Company: Hewlett-Packard Company
--------------------
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe - file already scanned
--------------------
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe - file already scanned
--------------------
C:\Windows\system32\PnkBstrA.exe - file already scanned
--------------------
C:\Windows\system32\PnkBstrB.exe - file already scanned
--------------------
C:\Windows\system32\Dwm.exe
92672 bytes
Created: 14.7.2009 1:24
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\Explorer.EXE - file already scanned
--------------------
C:\Windows\system32\taskhost.exe
49152 bytes
Created: 14.7.2009 1:19
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe - file already scanned
--------------------
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - file already scanned
--------------------
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
140920 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
--------------------
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
486216 bytes
Created: 13.11.2009 10:51
Modified: 13.11.2009 10:51
Company: TuneUp Software
--------------------
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe - file already scanned
--------------------
C:\Windows\System32\rundll32.exe
44544 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Program Files\CyberLink\Shared files\brs.exe - file already scanned
--------------------
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe - file already scanned
--------------------
C:\Program Files\Innovative Solutions\DriverMax\devices.exe - file already scanned
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
65536 bytes
Created: 22.4.2009 17:38
Modified: 22.4.2009 17:38
Company: Advanced Micro Devices Inc.
--------------------
C:\Program Files\Windows Sidebar\sidebar.exe - file already scanned
--------------------
C:\Program Files\LimeWire\LimeWire.exe
503808 bytes
Created: 30.9.2009 18:06
Modified: 30.9.2009 18:06
Company: Lime Wire, LLC
--------------------
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
66824 bytes
Created: 7.10.2009 10:05
Modified: 7.10.2009 10:05
Company: Raxco Software, Inc.
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
183152 bytes
Created: 30.3.2009 15:28
Modified: 30.3.2009 15:28
Company: Microsoft Corporation
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fssm32.exe
599168 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:36
Company: F-Secure Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
65536 bytes
Created: 22.4.2009 17:37
Modified: 22.4.2009 17:37
Company: ATI Technologies Inc.
--------------------
C:\Windows\system32\WUDFHost.exe
195584 bytes
Created: 14.7.2009 1:50
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
1121280 bytes
Created: 14.7.2009 2:09
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Program Files\AMD\AMD Power Monitor\AMD Power Monitor.exe
470016 bytes
Created: 21.5.2009 5:54
Modified: 21.5.2009 5:54
Company:
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Spotify\spotify.exe
2876144 bytes
Created: 7.10.2009 20:02
Modified: 6.11.2009 16:12
Company: Spotify AB
--------------------
C:\Program Files\DAEMON Tools Lite\DTLite.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3883856 bytes
Created: 26.7.2009 15:44
Modified: 26.7.2009 15:44
Company: Microsoft Corporation
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSHDLL32.EXE
88672 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsav32.exe
347776 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:38
Company: F-Secure Corporation
--------------------
C:\Program Files\Windows Live\Contacts\wlcomm.exe
27512 bytes
Created: 6.2.2009 16:07
Modified: 6.2.2009 16:07
Company: Microsoft Corporation
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 3101560
[This is a Trojan Remover component]
--------------------
C:\Program Files\uTorrent\uTorrent.exe
289072 bytes
Created: 3.10.2009 17:23
Modified: 3.10.2009 17:23
Company: BitTorrent, Inc.
--------------------
C:\Windows\explorer.exe - file already scanned
--------------------

************************************************************
23:59:21: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\System32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.fi/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 23:59:21 20 marras 2009
Total Scan time: 00:00:14
************************************************************


***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.1.2592. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:04:59 20 marras 2009
Using Database v7425
Operating System: Windows 7 Home Premium [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Windows\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Windows\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
Carrying out scan on C:\
(including subdirectories)
Archive files will be EXCLUDED.
------------------------------
C:\Boot\BCD appears to be in-use/locked
C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\Uninstall.exe appears to contain: Trojan.FakeAlert
C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\Uninstall.exe - process is either not running or could not be terminated
C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\Uninstall.exe - file renamed to: C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\Uninstall.exe.vir
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin appears to be in-use/locked
C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin appears to be in-use/locked
C:\Users\Windows\AppData\Local\Spotify\Storage\index.dat appears to be in-use/locked
C:\Users\Windows\AppData\Roaming\Adobe\Bridge CS4\Cache\1024\2009111207B15967\IMG_5228.CR2.jpg appears to contain: Trojan.Spy.Banker
C:\Users\Windows\AppData\Roaming\Adobe\Bridge CS4\Cache\1024\2009111207B15967\IMG_5228.CR2.jpg - file renamed to: C:\Users\Windows\AppData\Roaming\Adobe\Bridge CS4\Cache\1024\2009111207B15967\IMG_5228.CR2.jpg.vir
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat appears to be in-use/locked
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat appears to be in-use/locked
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb appears to be in-use/locked
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb appears to be in-use/locked
C:\Windows\System32\config\RegBack\DEFAULT appears to be in-use/locked
C:\Windows\System32\config\RegBack\SAM appears to be in-use/locked
C:\Windows\System32\config\RegBack\SECURITY appears to be in-use/locked
C:\Windows\System32\drivers\sptd.sys appears to be in-use/locked
------------------------------
116765 files scanned
2 Malware file(s) detected
Scan completed at: 23:53:49 20 marras 2009
Total Scan time: 05:48:50
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2592. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:04:29 20 marras 2009
Using Database v7425
Operating System: Windows 7 Home Premium [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Windows\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Windows\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
18:04:29: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
18:04:29: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2613248 bytes
Created: 9.11.2009 19:19
Modified: 3.8.2009 7:35
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
26112 bytes
Created: 14.7.2009 1:34
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: F-Secure Manager
Value Data: "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE
199264 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
--------------------
Value Name: F-Secure TNB
Value Data: "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe
2349664 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
--------------------
Value Name: CmPCIaudio
Value Data: RunDll32 CMICNFG3.cpl,CMICtrlWnd
CMICNFG3.cpl - [file not found to scan]
--------------------
Value Name: Kernel and Hardware Abstraction Layer
Value Data: KHALMNPR.EXE
C:\Windows\KHALMNPR.EXE
55824 bytes
Created: 12.11.2009 15:25
Modified: 17.6.2009 12:55
Company: Logitech, Inc.
--------------------
Value Name: BDRegion
Value Data: C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
75048 bytes
Created: 15.11.2009 13:26
Modified: 1.9.2009 17:00
Company: cyberlink
--------------------
Value Name: StartCCC
Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
98304 bytes
Created: 4.11.2009 9:52
Modified: 4.11.2009 9:52
Company: Advanced Micro Devices, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 20.11.2009 18:01
Modified: 20.11.2009 18:02
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: SpeedBitVideoAccelerator
Value Data: C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
1435240 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
--------------------
Value Name: DriverMax
Value Data: "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
7924056 bytes
Created: 9.11.2009 20:18
Modified: 30.9.2009 15:48
Company: Innovative Solutions
--------------------
Value Name: DriverMax_RESTART
Value Data: "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
7924056 bytes
Created: 9.11.2009 20:18
Modified: 30.9.2009 15:48
Company: Innovative Solutions
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
C:\Program Files\DAEMON Tools Lite\DTLite.exe
369200 bytes
Created: 30.10.2009 13:57
Modified: 30.10.2009 13:57
Company: DT Soft Ltd
--------------------
Value Name: Sidebar
Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe
1173504 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
Value Name: EA Core
Value Data: "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
C:\Program Files\Electronic Arts\EADM\Core.exe - [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
18:04:37: Scanning -----SHELLEXECUTEHOOKS-----

************************************************************
18:04:37: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
18:04:38: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
18:04:38: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
18:04:39: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: UxTuneUp
Path: %SystemRoot%\System32\uxtuneup.dll
C:\Windows\System32\uxtuneup.dll
30024 bytes
Created: 1.11.2009 0:14
Modified: 13.11.2009 10:45
Company: TuneUp Software
--------------------

************************************************************
18:04:45: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AMD External Events Utility
ImagePath: %SystemRoot%\system32\atiesrxx.exe
C:\Windows\system32\atiesrxx.exe
172032 bytes
Created: 4.11.2009 17:45
Modified: 4.11.2009 17:45
Company: AMD
----------
Key: AmdLLD
ImagePath: system32\DRIVERS\AmdLLD.sys
C:\Windows\system32\DRIVERS\AmdLLD.sys
42552 bytes
Created: 19.11.2009 18:08
Modified: 22.4.2009 14:32
Company: Advanced Micro Devices
----------
Key: AmdPPM
ImagePath: system32\DRIVERS\amdppm.sys
C:\Windows\system32\DRIVERS\amdppm.sys
52736 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 1:11
Company: Microsoft Corporation
----------
Key: amdsata
ImagePath: \SystemRoot\system32\DRIVERS\amdsata.sys
C:\Windows\system32\DRIVERS\amdsata.sys
79952 bytes
Created: 10.6.2009 23:19
Modified: 14.7.2009 3:26
Company: Advanced Micro Devices
----------
Key: amdxata
ImagePath: system32\DRIVERS\amdxata.sys
C:\Windows\system32\DRIVERS\amdxata.sys
23616 bytes
Created: 14.7.2009 0:09
Modified: 14.7.2009 3:26
Company: Advanced Micro Devices
----------
Key: archlp
ImagePath: system32\drivers\archlp.sys
C:\Windows\system32\drivers\archlp.sys - [file not found to scan]
----------
Key: AtiHdmiService
ImagePath: system32\drivers\AtiHdmi.sys
C:\Windows\system32\drivers\AtiHdmi.sys
104976 bytes
Created: 18.11.2009 14:12
Modified: 30.9.2009 16:33
Company: ATI Technologies, Inc.
----------
Key: cmuda3
ImagePath: system32\drivers\cmudax3.sys
C:\Windows\system32\drivers\cmudax3.sys
1872320 bytes
Created: 13.11.2009 16:48
Modified: 15.6.2009 15:08
Company: C-Media Inc
----------
Key: F-Secure Filter
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
39776 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: F-Secure Gatekeeper
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys
101496 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:38
Company: F-Secure Corporation
----------
Key: F-Secure Gatekeeper Handler Starter
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe"
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
215648 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: F-Secure HIPS
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys
C:\Program Files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys
68064 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
----------
Key: F-Secure Recognizer
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
25184 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
655624 bytes
Created: 18.10.2007 16:07
Modified: 18.10.2007 16:07
Company: Acresso Software Inc.
----------
Key: fsbts
ImagePath: system32\Drivers\fsbts.sys
C:\Windows\system32\Drivers\fsbts.sys
33920 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:39
Company: F-Secure Corporation
----------
Key: FSDFWD
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe"
C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
522848 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:59
Company: F-Secure Corporation
----------
Key: FSES
ImagePath: System32\drivers\fses.sys
C:\Windows\System32\drivers\fses.sys
35680 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
----------
Key: FSFW
ImagePath: System32\drivers\fsdfw.sys
C:\Windows\System32\drivers\fsdfw.sys
71040 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
----------
Key: FSMA
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE"
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
186976 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
----------
Key: FSORSPClient
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe"
C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
55928 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:37
Company: F-Secure Corporation
----------
Key: fssfltr
ImagePath: system32\DRIVERS\fssfltr.sys
C:\Windows\system32\DRIVERS\fssfltr.sys
54632 bytes
Created: 3.10.2009 16:01
Modified: 5.8.2009 21:48
Company: Microsoft Corporation
----------
Key: fsssvc
ImagePath: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
704864 bytes
Created: 5.8.2009 21:48
Modified: 5.8.2009 21:48
Company: Microsoft Corporation
----------
Key: fsvista
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys
12384 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\Windows\system32\DRIVERS\irsir.sys
20992 bytes
Created: 19.1.2008 5:55
Modified: 19.1.2008 5:55
Company: Microsoft Corporation
----------
Key: LGDDCDevice
ImagePath: \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys
C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys
14336 bytes
Created: 3.10.2009 16:08
Modified: 12.12.2008 14:27
Company: [no info]
----------
Key: LGII2CDevice
ImagePath: \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys
C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys
18432 bytes
Created: 3.10.2009 16:08
Modified: 12.12.2008 14:27
Company: [no info]
----------
Key: Nero BackItUp Scheduler 4.0
ImagePath: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
935208 bytes
Created: 23.9.2009 13:38
Modified: 23.9.2009 13:38
Company: Nero AG
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\nvm62x32.sys
C:\Windows\system32\DRIVERS\nvm62x32.sys
347264 bytes
Created: 10.6.2009 23:18
Modified: 14.7.2009 0:02
Company: NVIDIA Corporation
----------
Key: NVNET
ImagePath: system32\DRIVERS\nvmf6232.sys
C:\Windows\system32\DRIVERS\nvmf6232.sys
287392 bytes
Created: 13.11.2009 16:47
Modified: 30.7.2009 17:12
Company: NVIDIA Corporation
----------
Key: nvsmu
ImagePath: system32\DRIVERS\nvsmu.sys
C:\Windows\system32\DRIVERS\nvsmu.sys
17920 bytes
Created: 10.11.2009 21:55
Modified: 29.6.2009 0:36
Company: NVIDIA Corporation
----------
Key: PDAgent
ImagePath: "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe"
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
939272 bytes
Created: 7.10.2009 10:04
Modified: 7.10.2009 10:04
Company: Raxco Software, Inc.
----------
Key: PDEngine
ImagePath: "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe"
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
1033480 bytes
Created: 7.10.2009 10:05
Modified: 7.10.2009 10:05
Company: Raxco Software, Inc.
----------
Key: PnkBstrA
ImagePath: C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrA.exe
66872 bytes
Created: 3.10.2009 14:32
Modified: 3.10.2009 14:32
Company: [no info]
----------
Key: PnkBstrB
ImagePath: C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\PnkBstrB.exe
107832 bytes
Created: 3.10.2009 14:32
Modified: 20.10.2009 16:22
Company: [no info]
----------
Key: rdpbus
ImagePath: \SystemRoot\system32\DRIVERS\rdpbus.sys
C:\Windows\system32\DRIVERS\rdpbus.sys
18944 bytes
Created: 14.7.2009 2:02
Modified: 14.7.2009 2:02
Company: Microsoft Corporation
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
240512 bytes
Created: 19.5.2009 10:36
Modified: 19.5.2009 10:36
Company: Microsoft Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: TuneUp.Defrag
ImagePath: C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
435016 bytes
Created: 1.11.2009 0:14
Modified: 13.11.2009 21:12
Company: TuneUp Software
----------
Key: TuneUp.UtilitiesSvc
ImagePath: "C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe"
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
1021256 bytes
Created: 13.11.2009 10:49
Modified: 13.11.2009 10:49
Company: TuneUp Software
----------
Key: TuneUpUtilitiesDrv
ImagePath: \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
10064 bytes
Created: 14.10.2009 7:24
Modified: 14.10.2009 7:24
Company: TuneUp Software
----------
Key: VideoAcceleratorService
ImagePath: C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
300656 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
----------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUsb.sys
C:\Windows\system32\DRIVERS\WinUsb.sys
34944 bytes
Created: 14.7.2009 1:51
Modified: 14.7.2009 1:51
Company: Microsoft Corporation
----------
Key: wlidsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1533808 bytes
Created: 30.3.2009 15:28
Modified: 30.3.2009 15:28
Company: Microsoft Corporation
----------
Key: {B154377D-700F-42cc-9474-23858FBDF4BD}
ImagePath: \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl
C:\Program Files\CyberLink\PowerDVD9\000.fcl
87536 bytes
Created: 1.9.2009 16:59
Modified: 1.9.2009 16:59
Company: CyberLink Corp.
----------

************************************************************
18:04:48: Scanning -----VXD ENTRIES-----

************************************************************
18:04:48: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]

************************************************************
18:04:48: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
2250024 bytes
Created: 24.9.2009 17:07
Modified: 24.9.2009 17:07
Company: Nero AG
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\Trojan Remover\Trshlex.dll
C:\PROGRA~1\Trojan Remover\Trshlex.dll
479744 bytes
Created: 20.11.2009 18:01
Modified: 3.5.2009 17:16
Company: Simply Super Software
----------
Key: TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path: C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
30536 bytes
Created: 13.11.2009 10:46
Modified: 13.11.2009 10:46
Company: TuneUp Software
----------
Key: {23814B80-52A2-11d0-BC1A-004095606CB9}
Path: C:\Program Files\Sonera\Sonera Tietoturva\Common\fpshx.dll
C:\Program Files\Sonera\Sonera Tietoturva\Common\fpshx.dll
64168 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------

************************************************************
18:04:49: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
371712 bytes
Created: 16.4.2009 13:17
Modified: 16.4.2009 13:17
Company: Sun Microsystems, Inc.
----------
Key: {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B}
File: C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
2135336 bytes
Created: 17.9.2009 13:35
Modified: 17.9.2009 13:35
Company: Nero AG
----------

************************************************************
18:04:49: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}
BHO: C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
2655736 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company:
----------
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
137600 bytes
Created: 19.5.2009 10:36
Modified: 19.5.2009 10:36
Company: Microsoft Corporation
----------
Key: {C6867EB7-8350-4856-877F-93CF8AE3DC9C}
BHO: C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
531040 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:59
Company: F-Secure Corporation
----------
Key: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
BHO: C:\Program Files\Windows Live\Toolbar\wltcore.dll
C:\Program Files\Windows Live\Toolbar\wltcore.dll
1068904 bytes
Created: 6.2.2009 17:17
Modified: 6.2.2009 17:17
Company: Microsoft Corporation
----------
Key: {FF7C3CF0-4B15-11D1-ABED-709549C10000}
BHO: C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
185944 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
----------

************************************************************
18:04:49: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
18:04:49: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan

************************************************************
18:04:49: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
18:04:49: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
18:04:49: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
18:04:49: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14.7.2009 6:41
Modified: 15.11.2009 11:26
Company: [no info]
--------------------

************************************************************
18:04:49: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Windows
[C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 2.10.2009 15:57
Modified: 9.11.2009 18:56
Company: [no info]
----------
LimeWire On Startup.lnk - links to C:\PROGRA~1\LimeWire\LimeWire.exe
C:\PROGRA~1\LimeWire\LimeWire.exe
503808 bytes
Created: 30.9.2009 18:06
Modified: 30.9.2009 18:06
Company: Lime Wire, LLC
----------
--------------------

************************************************************
18:04:49: Scanning ----- SCHEDULED TASKS -----
Taskname: {287E119D-0ED2-4C54-8EAE-BA6F9F44F1BB}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\InstallHelper.exe" -c "C:\Program Files\Electronic Arts\The Sims 3\Mods\Packages\[ana@66S] Dinner Party.package"
----------
Taskname: {32FF45E6-7363-42FC-8F4C-881B29EE1347}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\Downloads\SDFix.exe -d C:\Windows\system32
----------
Taskname: {541E934A-7B30-4574-8A04-F70D04FEC31E}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Windows\System\CMICNFG3.cpl
----------
Taskname: {5A1165A9-9E01-4A18-9EC9-F4DCB5277A28}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x000b -removeonly
----------
Taskname: {5A56B5AB-E303-4B18-91FE-F50859537870}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\AppData\Local\Temp\FooPlugin0.9Setup_2.1.exe -d "C:\Program Files\Last.fm" -c /SILENT /DIR="C:\Program Files\Spotify\components\"
----------
Taskname: {76B4052F-5980-44FF-AD04-92B33B076E2D}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\AppData\Local\Temp\Rar$EX00.207\TS3InstallHelper.exe -d C:\Users\Windows\AppData\Local\Temp\Rar$EX00.207 -c /UAC:206D4 /NCRC
----------
Taskname: {AD92A0D9-2C37-4A2B-AE95-3C11C7691D38}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCCHRDWB\Firefox%20Setup%203.5.5[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: {CFC14368-E5C0-48C2-B0C1-56B9AB320110}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXQ0I92F\9-9_vista32-64_hydravision[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: {E06AAB02-A5F7-4881-8E4F-42BEA8EA7F35}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\Downloads\The Sims 3 v1.3.2 Crack +Patch [Hirya]\The Sims 3 v1.27 to v1.3.2.exe" -d "C:\Users\Windows\Downloads\The Sims 3 v1.3.2 Crack +Patch [Hirya]"
----------
Taskname: {EDBCD0B4-46A9-4906-8380-E022F78249FB}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Windows\uninstall\Satellite TV for PC Elite\setup.exe"
----------
Taskname: {F1888B49-A348-447B-9AFF-3C374B53F55B}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTJVF0OU\9-9_vista32_win7_32_dd[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: Automatic troubleshooting
File: C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
316232 bytes
Created: 13.11.2009 10:54
Modified: 13.11.2009 10:54
Company: TuneUp Software
Schedule: Multiple schedule times
Next Run Time: 20.11.2009 20:00:00
Status: Ready
Status:
Comments: Starts automatic troubleshooting at specific times
----------
Taskname: FileHippo.com Update Checker
File: C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
155648 bytes
Created: 28.9.2009 11:49
Modified: 28.9.2009 11:49
Company: FileHippo.com
Parameters: /background
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:81C859F3
----------
Taskname: InstallShield Software update service
File: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Parameters: -startup
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:04D036CE
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe - [file not found to scan]
----------
Taskname: InstallShield Software-Aktualisierungsdienst
File: C:\PROGRA~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe
196608 bytes
Created: 3.10.2009 16:08
Modified: 17.4.2004 11:41
Company: InstallShield Software Corporation
Parameters: -startup
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:7CBD3F7F
----------
Taskname: Java Update Scheduler
File: C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
149280 bytes
Created: 3.10.2009 15:10
Modified: 5.11.2009 16:37
Company: Sun Microsystems, Inc.
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:819099AB
----------
Taskname: TuneUpUtilities_Task_BkGndMaintenance
File: C:\Program Files\TuneUp Utilities 2010\OneClick.exe
C:\Program Files\TuneUp Utilities 2010\OneClick.exe
649544 bytes
Created: 13.11.2009 10:55
Modified: 13.11.2009 10:55
Company: TuneUp Software
Parameters: $(Arg0)
Schedule: Task not scheduled
Next Run Time:
Status: Ready
Status:
Comments:
----------
Taskname: User_Feed_Synchronization-{BCAE4A76-79EC-4515-8B11-3CC294757FFB}
File: C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\msfeedssync.exe
12800 bytes
Created: 14.7.2009 1:42
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
Parameters: sync
Schedule: At 16:06:02 every day
Next Run Time: 20.11.2009 18:06:02
Status: Ready
Status: Windows-PC\Windows
Comments: Päivittää vanhentuneet järjestelmäsyötteet.
----------

************************************************************
18:04:50: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File: %SystemRoot%\system32\ntshrui.dll
C:\Windows\system32\ntshrui.dll
442880 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:16
Company: Microsoft Corporation
----------

************************************************************
18:04:50: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.divxa32
File: msaud32_divx.acm
C:\Windows\system32\msaud32_divx.acm
186368 bytes
Created: 3.2.2003 8:01
Modified: 3.2.2003 8:01
Company: Microsoft Corporation
----------
Value: msacm.l3codecp
File: l3codecp.acm
C:\Windows\system32\l3codecp.acm
220672 bytes
Created: 14.7.2009 2:09
Modified: 14.7.2009 3:14
Company: Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: vidc.VP60
File: C:\Windows\system32\vp6vfw.dll
C:\Windows\system32\vp6vfw.dll
-R- 447752 bytes
Created: 4.9.2008 20:17
Modified: 4.9.2008 20:17
Company: On2.com
----------
Value: vidc.VP61
File: C:\Windows\system32\vp6vfw.dll
C:\Windows\system32\vp6vfw.dll - file already scanned
----------

************************************************************
18:04:51: ----- ADDITIONAL CHECKS -----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp
C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp
5184054 bytes
Created: 25.10.2009 16:58
Modified: 19.11.2009 23:44
Company: [no info]
----------
Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\img24.jpg
C:\Windows\web\wallpaper\img24.jpg - [file not found to scan]
----------
DNS Server information:
Interface: NVIDIA nForce Networking Controller
NameServers: 66.90.65.89,4.2.2.1
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
18:04:51: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
69632 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe
6144 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\wininit.exe
96256 bytes
Created: 14.7.2009 1:36
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe - file already scanned
--------------------
C:\Windows\system32\services.exe
259072 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsass.exe
22528 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsm.exe
261120 bytes
Created: 14.7.2009 2:02
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\winlogon.exe
285696 bytes
Created: 14.7.2009 1:37
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe
20992 bytes
Created: 14.7.2009 1:19
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\atiesrxx.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\atieclxx.exe
360448 bytes
Created: 4.11.2009 17:45
Modified: 4.11.2009 17:45
Company: AMD
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\spoolsv.exe
316416 bytes
Created: 14.7.2009 2:18
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
144672 bytes
Created: 28.8.2009 18:42
Modified: 28.8.2009 18:42
Company: Apple Inc.
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12.12.2008 10:17
Modified: 12.12.2008 10:17
Company: Apple Inc.
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
476800 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:36
Company: F-Secure Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE - file already scanned
--------------------
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
73728 bytes
Created: 20.8.2009 13:34
Modified: 20.8.2009 13:34
Company: Hewlett-Packard Company
--------------------
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe - file already scanned
--------------------
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe - file already scanned
--------------------
C:\Windows\system32\PnkBstrA.exe - file already scanned
--------------------
C:\Windows\system32\PnkBstrB.exe - file already scanned
--------------------
C:\Windows\system32\Dwm.exe
92672 bytes
Created: 14.7.2009 1:24
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\Explorer.EXE - file already scanned
--------------------
C:\Windows\system32\taskhost.exe
49152 bytes
Created: 14.7.2009 1:19
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe - file already scanned
--------------------
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - file already scanned
--------------------
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
140920 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
--------------------
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
486216 bytes
Created: 13.11.2009 10:51
Modified: 13.11.2009 10:51
Company: TuneUp Software
--------------------
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe - file already scanned
--------------------
C:\Windows\System32\rundll32.exe
44544 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Program Files\CyberLink\Shared files\brs.exe - file already scanned
--------------------
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe - file already scanned
--------------------
C:\Program Files\Innovative Solutions\DriverMax\devices.exe - file already scanned
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
65536 bytes
Created: 22.4.2009 17:38
Modified: 22.4.2009 17:38
Company: Advanced Micro Devices Inc.
--------------------
C:\Program Files\Windows Sidebar\sidebar.exe - file already scanned
--------------------
C:\Program Files\LimeWire\LimeWire.exe
503808 bytes
Created: 30.9.2009 18:06
Modified: 30.9.2009 18:06
Company: Lime Wire, LLC
--------------------
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
66824 bytes
Created: 7.10.2009 10:05
Modified: 7.10.2009 10:05
Company: Raxco Software, Inc.
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
183152 bytes
Created: 30.3.2009 15:28
Modified: 30.3.2009 15:28
Company: Microsoft Corporation
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fssm32.exe
599168 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:36
Company: F-Secure Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
65536 bytes
Created: 22.4.2009 17:37
Modified: 22.4.2009 17:37
Company: ATI Technologies Inc.
--------------------
C:\Windows\system32\WUDFHost.exe
195584 bytes
Created: 14.7.2009 1:50
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
1121280 bytes
Created: 14.7.2009 2:09
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Program Files\AMD\AMD Power Monitor\AMD Power Monitor.exe
470016 bytes
Created: 21.5.2009 5:54
Modified: 21.5.2009 5:54
Company:
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Spotify\spotify.exe
2876144 bytes
Created: 7.10.2009 20:02
Modified: 6.11.2009 16:12
Company: Spotify AB
--------------------
C:\Program Files\uTorrent\uTorrent.exe
289072 bytes
Created: 3.10.2009 17:23
Modified: 3.10.2009 17:23
Company: BitTorrent, Inc.
--------------------
C:\Program Files\DAEMON Tools Lite\DTLite.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3883856 bytes
Created: 26.7.2009 15:44
Modified: 26.7.2009 15:44
Company: Microsoft Corporation
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSHDLL32.EXE
88672 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsav32.exe
347776 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:38
Company: F-Secure Corporation
--------------------
C:\Program Files\Windows Live\Contacts\wlcomm.exe
27512 bytes
Created: 6.2.2009 16:07
Modified: 6.2.2009 16:07
Company: Microsoft Corporation
--------------------
C:\Windows\explorer.exe - file already scanned
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
908248 bytes
Created: 24.10.2009 20:37
Modified: 3.11.2009 5:31
Company: Mozilla Corporation
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 3101560
[This is a Trojan Remover component]
--------------------

************************************************************
18:04:54: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\System32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.fi/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 18:04:54 20 marras 2009
Total Scan time: 00:00:25
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2592. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:03:11 20 marras 2009
Using Database v7425
Operating System: Windows 7 Home Premium [Build: 6.1.7600]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Windows\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Windows\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
18:03:11: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
18:03:11: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2613248 bytes
Created: 9.11.2009 19:19
Modified: 3.8.2009 7:35
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
26112 bytes
Created: 14.7.2009 1:34
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: F-Secure Manager
Value Data: "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE
199264 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
--------------------
Value Name: F-Secure TNB
Value Data: "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe
2349664 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
--------------------
Value Name: CmPCIaudio
Value Data: RunDll32 CMICNFG3.cpl,CMICtrlWnd
CMICNFG3.cpl - [file not found to scan]
--------------------
Value Name: Kernel and Hardware Abstraction Layer
Value Data: KHALMNPR.EXE
C:\Windows\KHALMNPR.EXE
55824 bytes
Created: 12.11.2009 15:25
Modified: 17.6.2009 12:55
Company: Logitech, Inc.
--------------------
Value Name: BDRegion
Value Data: C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
75048 bytes
Created: 15.11.2009 13:26
Modified: 1.9.2009 17:00
Company: cyberlink
--------------------
Value Name: StartCCC
Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
98304 bytes
Created: 4.11.2009 9:52
Modified: 4.11.2009 9:52
Company: Advanced Micro Devices, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 20.11.2009 18:01
Modified: 20.11.2009 18:02
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: SpeedBitVideoAccelerator
Value Data: C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
1435240 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
--------------------
Value Name: DriverMax
Value Data: "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
7924056 bytes
Created: 9.11.2009 20:18
Modified: 30.9.2009 15:48
Company: Innovative Solutions
--------------------
Value Name: DriverMax_RESTART
Value Data: "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
7924056 bytes
Created: 9.11.2009 20:18
Modified: 30.9.2009 15:48
Company: Innovative Solutions
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
C:\Program Files\DAEMON Tools Lite\DTLite.exe
369200 bytes
Created: 30.10.2009 13:57
Modified: 30.10.2009 13:57
Company: DT Soft Ltd
--------------------
Value Name: Sidebar
Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe
1173504 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
Value Name: EA Core
Value Data: "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
C:\Program Files\Electronic Arts\EADM\Core.exe - [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
18:03:13: Scanning -----SHELLEXECUTEHOOKS-----

************************************************************
18:03:13: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
18:03:13: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
18:03:13: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
18:03:13: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: UxTuneUp
Path: %SystemRoot%\System32\uxtuneup.dll
C:\Windows\System32\uxtuneup.dll
30024 bytes
Created: 1.11.2009 0:14
Modified: 13.11.2009 10:45
Company: TuneUp Software
--------------------

************************************************************
18:03:14: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AMD External Events Utility
ImagePath: %SystemRoot%\system32\atiesrxx.exe
C:\Windows\system32\atiesrxx.exe
172032 bytes
Created: 4.11.2009 17:45
Modified: 4.11.2009 17:45
Company: AMD
----------
Key: AmdLLD
ImagePath: system32\DRIVERS\AmdLLD.sys
C:\Windows\system32\DRIVERS\AmdLLD.sys
42552 bytes
Created: 19.11.2009 18:08
Modified: 22.4.2009 14:32
Company: Advanced Micro Devices
----------
Key: AmdPPM
ImagePath: system32\DRIVERS\amdppm.sys
C:\Windows\system32\DRIVERS\amdppm.sys
52736 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 1:11
Company: Microsoft Corporation
----------
Key: amdsata
ImagePath: \SystemRoot\system32\DRIVERS\amdsata.sys
C:\Windows\system32\DRIVERS\amdsata.sys
79952 bytes
Created: 10.6.2009 23:19
Modified: 14.7.2009 3:26
Company: Advanced Micro Devices
----------
Key: amdxata
ImagePath: system32\DRIVERS\amdxata.sys
C:\Windows\system32\DRIVERS\amdxata.sys
23616 bytes
Created: 14.7.2009 0:09
Modified: 14.7.2009 3:26
Company: Advanced Micro Devices
----------
Key: archlp
ImagePath: system32\drivers\archlp.sys
C:\Windows\system32\drivers\archlp.sys - [file not found to scan]
----------
Key: AtiHdmiService
ImagePath: system32\drivers\AtiHdmi.sys
C:\Windows\system32\drivers\AtiHdmi.sys
104976 bytes
Created: 18.11.2009 14:12
Modified: 30.9.2009 16:33
Company: ATI Technologies, Inc.
----------
Key: cmuda3
ImagePath: system32\drivers\cmudax3.sys
C:\Windows\system32\drivers\cmudax3.sys
1872320 bytes
Created: 13.11.2009 16:48
Modified: 15.6.2009 15:08
Company: C-Media Inc
----------
Key: F-Secure Filter
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSfilter.sys
39776 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: F-Secure Gatekeeper
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsgk.sys
101496 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:38
Company: F-Secure Corporation
----------
Key: F-Secure Gatekeeper Handler Starter
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe"
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
215648 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: F-Secure HIPS
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys
C:\Program Files\Sonera\Sonera Tietoturva\HIPS\drivers\fshs.sys
68064 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
----------
Key: F-Secure Recognizer
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\Win2K\FSrec.sys
25184 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
655624 bytes
Created: 18.10.2007 16:07
Modified: 18.10.2007 16:07
Company: Acresso Software Inc.
----------
Key: fsbts
ImagePath: system32\Drivers\fsbts.sys
C:\Windows\system32\Drivers\fsbts.sys
33920 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:39
Company: F-Secure Corporation
----------
Key: FSDFWD
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe"
C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
522848 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:59
Company: F-Secure Corporation
----------
Key: FSES
ImagePath: System32\drivers\fses.sys
C:\Windows\System32\drivers\fses.sys
35680 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
----------
Key: FSFW
ImagePath: System32\drivers\fsdfw.sys
C:\Windows\System32\drivers\fsdfw.sys
71040 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:57
Company: F-Secure Corporation
----------
Key: FSMA
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE"
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
186976 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
----------
Key: FSORSPClient
ImagePath: "C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe"
C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
55928 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:37
Company: F-Secure Corporation
----------
Key: fssfltr
ImagePath: system32\DRIVERS\fssfltr.sys
C:\Windows\system32\DRIVERS\fssfltr.sys
54632 bytes
Created: 3.10.2009 16:01
Modified: 5.8.2009 21:48
Company: Microsoft Corporation
----------
Key: fsssvc
ImagePath: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
704864 bytes
Created: 5.8.2009 21:48
Modified: 5.8.2009 21:48
Company: Microsoft Corporation
----------
Key: fsvista
ImagePath: \??\C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\minifilter\fsvista.sys
12384 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------
Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\Windows\system32\DRIVERS\irsir.sys
20992 bytes
Created: 19.1.2008 5:55
Modified: 19.1.2008 5:55
Company: Microsoft Corporation
----------
Key: LGDDCDevice
ImagePath: \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys
C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys
14336 bytes
Created: 3.10.2009 16:08
Modified: 12.12.2008 14:27
Company: [no info]
----------
Key: LGII2CDevice
ImagePath: \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys
C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys
18432 bytes
Created: 3.10.2009 16:08
Modified: 12.12.2008 14:27
Company: [no info]
----------
Key: Nero BackItUp Scheduler 4.0
ImagePath: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
935208 bytes
Created: 23.9.2009 13:38
Modified: 23.9.2009 13:38
Company: Nero AG
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\nvm62x32.sys
C:\Windows\system32\DRIVERS\nvm62x32.sys
347264 bytes
Created: 10.6.2009 23:18
Modified: 14.7.2009 0:02
Company: NVIDIA Corporation
----------
Key: NVNET
ImagePath: system32\DRIVERS\nvmf6232.sys
C:\Windows\system32\DRIVERS\nvmf6232.sys
287392 bytes
Created: 13.11.2009 16:47
Modified: 30.7.2009 17:12
Company: NVIDIA Corporation
----------
Key: nvsmu
ImagePath: system32\DRIVERS\nvsmu.sys
C:\Windows\system32\DRIVERS\nvsmu.sys
17920 bytes
Created: 10.11.2009 21:55
Modified: 29.6.2009 0:36
Company: NVIDIA Corporation
----------
Key: PDAgent
ImagePath: "C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe"
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
939272 bytes
Created: 7.10.2009 10:04
Modified: 7.10.2009 10:04
Company: Raxco Software, Inc.
----------
Key: PDEngine
ImagePath: "C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe"
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
1033480 bytes
Created: 7.10.2009 10:05
Modified: 7.10.2009 10:05
Company: Raxco Software, Inc.
----------
Key: PnkBstrA
ImagePath: C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrA.exe
66872 bytes
Created: 3.10.2009 14:32
Modified: 3.10.2009 14:32
Company: [no info]
----------
Key: PnkBstrB
ImagePath: C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\PnkBstrB.exe
107832 bytes
Created: 3.10.2009 14:32
Modified: 20.10.2009 16:22
Company: [no info]
----------
Key: rdpbus
ImagePath: \SystemRoot\system32\DRIVERS\rdpbus.sys
C:\Windows\system32\DRIVERS\rdpbus.sys
18944 bytes
Created: 14.7.2009 2:02
Modified: 14.7.2009 2:02
Company: Microsoft Corporation
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
240512 bytes
Created: 19.5.2009 10:36
Modified: 19.5.2009 10:36
Company: Microsoft Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: TuneUp.Defrag
ImagePath: C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
435016 bytes
Created: 1.11.2009 0:14
Modified: 13.11.2009 21:12
Company: TuneUp Software
----------
Key: TuneUp.UtilitiesSvc
ImagePath: "C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe"
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
1021256 bytes
Created: 13.11.2009 10:49
Modified: 13.11.2009 10:49
Company: TuneUp Software
----------
Key: TuneUpUtilitiesDrv
ImagePath: \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
10064 bytes
Created: 14.10.2009 7:24
Modified: 14.10.2009 7:24
Company: TuneUp Software
----------
Key: VideoAcceleratorService
ImagePath: C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
300656 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
----------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUsb.sys
C:\Windows\system32\DRIVERS\WinUsb.sys
34944 bytes
Created: 14.7.2009 1:51
Modified: 14.7.2009 1:51
Company: Microsoft Corporation
----------
Key: wlidsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1533808 bytes
Created: 30.3.2009 15:28
Modified: 30.3.2009 15:28
Company: Microsoft Corporation
----------
Key: {B154377D-700F-42cc-9474-23858FBDF4BD}
ImagePath: \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl
C:\Program Files\CyberLink\PowerDVD9\000.fcl
87536 bytes
Created: 1.9.2009 16:59
Modified: 1.9.2009 16:59
Company: CyberLink Corp.
----------

************************************************************
18:03:35: Scanning -----VXD ENTRIES-----

************************************************************
18:03:35: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]

************************************************************
18:03:35: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
2250024 bytes
Created: 24.9.2009 17:07
Modified: 24.9.2009 17:07
Company: Nero AG
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\Trojan Remover\Trshlex.dll
C:\PROGRA~1\Trojan Remover\Trshlex.dll
479744 bytes
Created: 20.11.2009 18:01
Modified: 3.5.2009 17:16
Company: Simply Super Software
----------
Key: TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path: C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
30536 bytes
Created: 13.11.2009 10:46
Modified: 13.11.2009 10:46
Company: TuneUp Software
----------
Key: {23814B80-52A2-11d0-BC1A-004095606CB9}
Path: C:\Program Files\Sonera\Sonera Tietoturva\Common\fpshx.dll
C:\Program Files\Sonera\Sonera Tietoturva\Common\fpshx.dll
64168 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:56
Company: F-Secure Corporation
----------

************************************************************
18:03:36: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
371712 bytes
Created: 16.4.2009 13:17
Modified: 16.4.2009 13:17
Company: Sun Microsystems, Inc.
----------
Key: {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B}
File: C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll
2135336 bytes
Created: 17.9.2009 13:35
Modified: 17.9.2009 13:35
Company: Nero AG
----------

************************************************************
18:03:36: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}
BHO: C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
2655736 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company:
----------
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
137600 bytes
Created: 19.5.2009 10:36
Modified: 19.5.2009 10:36
Company: Microsoft Corporation
----------
Key: {C6867EB7-8350-4856-877F-93CF8AE3DC9C}
BHO: C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
531040 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:59
Company: F-Secure Corporation
----------
Key: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
BHO: C:\Program Files\Windows Live\Toolbar\wltcore.dll
C:\Program Files\Windows Live\Toolbar\wltcore.dll
1068904 bytes
Created: 6.2.2009 17:17
Modified: 6.2.2009 17:17
Company: Microsoft Corporation
----------
Key: {FF7C3CF0-4B15-11D1-ABED-709549C10000}
BHO: C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
185944 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
----------

************************************************************
18:03:36: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
18:03:36: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan

************************************************************
18:03:36: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
18:03:36: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
18:03:36: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
18:03:36: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14.7.2009 6:41
Modified: 15.11.2009 11:26
Company: [no info]
--------------------

************************************************************
18:03:36: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Windows
[C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 2.10.2009 15:57
Modified: 9.11.2009 18:56
Company: [no info]
----------
LimeWire On Startup.lnk - links to C:\PROGRA~1\LimeWire\LimeWire.exe
C:\PROGRA~1\LimeWire\LimeWire.exe
503808 bytes
Created: 30.9.2009 18:06
Modified: 30.9.2009 18:06
Company: Lime Wire, LLC
----------
--------------------

************************************************************
18:03:37: Scanning ----- SCHEDULED TASKS -----
Taskname: {287E119D-0ED2-4C54-8EAE-BA6F9F44F1BB}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Program Files\Mad Scientist Productions\TS3 Install Helper Monkey\InstallHelper.exe" -c "C:\Program Files\Electronic Arts\The Sims 3\Mods\Packages\[ana@66S] Dinner Party.package"
----------
Taskname: {32FF45E6-7363-42FC-8F4C-881B29EE1347}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\Downloads\SDFix.exe -d C:\Windows\system32
----------
Taskname: {541E934A-7B30-4574-8A04-F70D04FEC31E}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Windows\System\CMICNFG3.cpl
----------
Taskname: {5A1165A9-9E01-4A18-9EC9-F4DCB5277A28}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x000b -removeonly
----------
Taskname: {5A56B5AB-E303-4B18-91FE-F50859537870}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\AppData\Local\Temp\FooPlugin0.9Setup_2.1.exe -d "C:\Program Files\Last.fm" -c /SILENT /DIR="C:\Program Files\Spotify\components\"
----------
Taskname: {76B4052F-5980-44FF-AD04-92B33B076E2D}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a C:\Users\Windows\AppData\Local\Temp\Rar$EX00.207\TS3InstallHelper.exe -d C:\Users\Windows\AppData\Local\Temp\Rar$EX00.207 -c /UAC:206D4 /NCRC
----------
Taskname: {AD92A0D9-2C37-4A2B-AE95-3C11C7691D38}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCCHRDWB\Firefox%20Setup%203.5.5[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: {CFC14368-E5C0-48C2-B0C1-56B9AB320110}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXQ0I92F\9-9_vista32-64_hydravision[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: {E06AAB02-A5F7-4881-8E4F-42BEA8EA7F35}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\Downloads\The Sims 3 v1.3.2 Crack +Patch [Hirya]\The Sims 3 v1.27 to v1.3.2.exe" -d "C:\Users\Windows\Downloads\The Sims 3 v1.3.2 Crack +Patch [Hirya]"
----------
Taskname: {EDBCD0B4-46A9-4906-8380-E022F78249FB}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Windows\uninstall\Satellite TV for PC Elite\setup.exe"
----------
Taskname: {F1888B49-A348-447B-9AFF-3C374B53F55B}
File: C:\Windows\system32\pcalua.exe - globally excluded
Parameters: -a "C:\Users\Windows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTJVF0OU\9-9_vista32_win7_32_dd[1].exe" -d C:\Users\Windows\Desktop
----------
Taskname: Automatic troubleshooting
File: C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
316232 bytes
Created: 13.11.2009 10:54
Modified: 13.11.2009 10:54
Company: TuneUp Software
Schedule: Multiple schedule times
Next Run Time: 20.11.2009 20:00:00
Status: Ready
Status:
Comments: Starts automatic troubleshooting at specific times
----------
Taskname: FileHippo.com Update Checker
File: C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
155648 bytes
Created: 28.9.2009 11:49
Modified: 28.9.2009 11:49
Company: FileHippo.com
Parameters: /background
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:81C859F3
----------
Taskname: InstallShield Software update service
File: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Parameters: -startup
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:04D036CE
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe - [file not found to scan]
----------
Taskname: InstallShield Software-Aktualisierungsdienst
File: C:\PROGRA~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe
196608 bytes
Created: 3.10.2009 16:08
Modified: 17.4.2004 11:41
Company: InstallShield Software Corporation
Parameters: -startup
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:7CBD3F7F
----------
Taskname: Java Update Scheduler
File: C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
149280 bytes
Created: 3.10.2009 15:10
Modified: 5.11.2009 16:37
Company: Sun Microsystems, Inc.
Schedule: At 10:00:00 every maanantai of every week, starting 1.1.2008
Next Run Time: 23.11.2009 10:00:00
Status: Ready
Status: TuneUp
Comments: tuident:819099AB
----------
Taskname: TuneUpUtilities_Task_BkGndMaintenance
File: C:\Program Files\TuneUp Utilities 2010\OneClick.exe
C:\Program Files\TuneUp Utilities 2010\OneClick.exe
649544 bytes
Created: 13.11.2009 10:55
Modified: 13.11.2009 10:55
Company: TuneUp Software
Parameters: $(Arg0)
Schedule: Task not scheduled
Next Run Time:
Status: Ready
Status:
Comments:
----------
Taskname: User_Feed_Synchronization-{BCAE4A76-79EC-4515-8B11-3CC294757FFB}
File: C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\msfeedssync.exe
12800 bytes
Created: 14.7.2009 1:42
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
Parameters: sync
Schedule: At 16:06:02 every day
Next Run Time: 20.11.2009 18:06:02
Status: Ready
Status: Windows-PC\Windows
Comments: Päivittää vanhentuneet järjestelmäsyötteet.
----------

************************************************************
18:03:38: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File: %SystemRoot%\system32\ntshrui.dll
C:\Windows\system32\ntshrui.dll
442880 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:16
Company: Microsoft Corporation
----------

************************************************************
18:03:38: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.divxa32
File: msaud32_divx.acm
C:\Windows\system32\msaud32_divx.acm
186368 bytes
Created: 3.2.2003 8:01
Modified: 3.2.2003 8:01
Company: Microsoft Corporation
----------
Value: msacm.l3codecp
File: l3codecp.acm
C:\Windows\system32\l3codecp.acm
220672 bytes
Created: 14.7.2009 2:09
Modified: 14.7.2009 3:14
Company: Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: vidc.VP60
File: C:\Windows\system32\vp6vfw.dll
C:\Windows\system32\vp6vfw.dll
-R- 447752 bytes
Created: 4.9.2008 20:17
Modified: 4.9.2008 20:17
Company: On2.com
----------
Value: vidc.VP61
File: C:\Windows\system32\vp6vfw.dll
C:\Windows\system32\vp6vfw.dll - file already scanned
----------

************************************************************
18:03:38: ----- ADDITIONAL CHECKS -----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp
C:\Users\Windows\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp
5184054 bytes
Created: 25.10.2009 16:58
Modified: 19.11.2009 23:44
Company: [no info]
----------
Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\img24.jpg
C:\Windows\web\wallpaper\img24.jpg - [file not found to scan]
----------
DNS Server information:
Interface: NVIDIA nForce Networking Controller
NameServers: 66.90.65.89,4.2.2.1
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
18:03:39: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
69632 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe
6144 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\wininit.exe
96256 bytes
Created: 14.7.2009 1:36
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe - file already scanned
--------------------
C:\Windows\system32\services.exe
259072 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsass.exe
22528 bytes
Created: 14.7.2009 1:11
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\lsm.exe
261120 bytes
Created: 14.7.2009 2:02
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\winlogon.exe
285696 bytes
Created: 14.7.2009 1:37
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe
20992 bytes
Created: 14.7.2009 1:19
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\atiesrxx.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\atieclxx.exe
360448 bytes
Created: 4.11.2009 17:45
Modified: 4.11.2009 17:45
Company: AMD
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\spoolsv.exe
316416 bytes
Created: 14.7.2009 2:18
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
144672 bytes
Created: 28.8.2009 18:42
Modified: 28.8.2009 18:42
Company: Apple Inc.
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12.12.2008 10:17
Modified: 12.12.2008 10:17
Company: Apple Inc.
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
476800 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:36
Company: F-Secure Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE - file already scanned
--------------------
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
73728 bytes
Created: 20.8.2009 13:34
Modified: 20.8.2009 13:34
Company: Hewlett-Packard Company
--------------------
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe - file already scanned
--------------------
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe - file already scanned
--------------------
C:\Windows\system32\PnkBstrA.exe - file already scanned
--------------------
C:\Windows\system32\PnkBstrB.exe - file already scanned
--------------------
C:\Windows\system32\Dwm.exe
92672 bytes
Created: 14.7.2009 1:24
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\Explorer.EXE - file already scanned
--------------------
C:\Windows\system32\taskhost.exe
49152 bytes
Created: 14.7.2009 1:19
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe - file already scanned
--------------------
C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - file already scanned
--------------------
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
140920 bytes
Created: 18.10.2009 18:42
Modified: 18.10.2009 18:42
Company: Speedbit Ltd.
--------------------
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
486216 bytes
Created: 13.11.2009 10:51
Modified: 13.11.2009 10:51
Company: TuneUp Software
--------------------
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe - file already scanned
--------------------
C:\Windows\System32\rundll32.exe
44544 bytes
Created: 14.7.2009 1:41
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Program Files\CyberLink\Shared files\brs.exe - file already scanned
--------------------
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe - file already scanned
--------------------
C:\Program Files\Innovative Solutions\DriverMax\devices.exe - file already scanned
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
65536 bytes
Created: 22.4.2009 17:38
Modified: 22.4.2009 17:38
Company: Advanced Micro Devices Inc.
--------------------
C:\Program Files\Windows Sidebar\sidebar.exe - file already scanned
--------------------
C:\Program Files\LimeWire\LimeWire.exe
503808 bytes
Created: 30.9.2009 18:06
Modified: 30.9.2009 18:06
Company: Lime Wire, LLC
--------------------
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
66824 bytes
Created: 7.10.2009 10:05
Modified: 7.10.2009 10:05
Company: Raxco Software, Inc.
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
183152 bytes
Created: 30.3.2009 15:28
Modified: 30.3.2009 15:28
Company: Microsoft Corporation
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fssm32.exe
599168 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:36
Company: F-Secure Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
65536 bytes
Created: 22.4.2009 17:37
Modified: 22.4.2009 17:37
Company: ATI Technologies Inc.
--------------------
C:\Windows\system32\WUDFHost.exe
195584 bytes
Created: 14.7.2009 1:50
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
1121280 bytes
Created: 14.7.2009 2:09
Modified: 14.7.2009 3:14
Company: Microsoft Corporation
--------------------
C:\Program Files\AMD\AMD Power Monitor\AMD Power Monitor.exe
470016 bytes
Created: 21.5.2009 5:54
Modified: 21.5.2009 5:54
Company:
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Spotify\spotify.exe
2876144 bytes
Created: 7.10.2009 20:02
Modified: 6.11.2009 16:12
Company: Spotify AB
--------------------
C:\Program Files\uTorrent\uTorrent.exe
289072 bytes
Created: 3.10.2009 17:23
Modified: 3.10.2009 17:23
Company: BitTorrent, Inc.
--------------------
C:\Program Files\DAEMON Tools Lite\DTLite.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3883856 bytes
Created: 26.7.2009 15:44
Modified: 26.7.2009 15:44
Company: Microsoft Corporation
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSHDLL32.EXE
88672 bytes
Created: 9.11.2009 20:27
Modified: 5.8.2009 17:58
Company: F-Secure Corporation
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe - file already scanned
--------------------
C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsav32.exe
347776 bytes
Created: 9.11.2009 20:27
Modified: 9.11.2009 20:38
Company: F-Secure Corporation
--------------------
C:\Program Files\Windows Live\Contacts\wlcomm.exe
27512 bytes
Created: 6.2.2009 16:07
Modified: 6.2.2009 16:07
Company: Microsoft Corporation
--------------------
C:\Windows\explorer.exe - file already scanned
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
908248 bytes
Created: 24.10.2009 20:37
Modified: 3.11.2009 5:31
Company: Mozilla Corporation
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 3101560
[This is a Trojan Remover component]
--------------------

************************************************************
18:03:52: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\System32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.fi/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 18:03:52 20 marras 2009
Total Scan time: 00:00:41
************************************************************
Hujo
Suspended permanently
21 November 2009 @ 11:30
Let's send the file to VirusTotal
virustotal

1 Click the Browse... button
2 Then browse to this file: C:\Windows\system32\ojz1130.tmp.exe
3 Click the Open button
4 Click the Send button
5 The site scans the file for a moment; then save the results you get, for example in Notepad.

Also check in the file's properties which company the file belongs to.

This message has been edited since posting. Last edit 21 November 2009 @ 11:33

Member

21 November 2009 @ 13:26
That file can no longer be found on my computer. Could it be under a different name, or was it removed when I used Trojan Remover?
Hujo
Suspended permanently
21 November 2009 @ 13:49
Scan a new HJT log.
Member

21 November 2009 @ 14:04
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:28, on 23.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system\CMGxMon.exe
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE
C:\Windows\System32\wpcumi.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Windows\System32\ojz1130.tmp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Uniblue\RegistryBooster 2009\registrybooster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Yamicsoft\Vista Manager\VistaManager.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Cmaudio8768GX] C:\Windows\system\CmGXMon.exe Envoke
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [ojz1130.tmp.exe] C:\Windows\system32\ojz1130.tmp.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [UnibluePowerSuite] C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/ve...vex-2.2.5.0.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/c...opAntiVirus.dll
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6446A87-6AF1-4B6A-946A-ABC56B11F795}: NameServer = 66.90.65.89,4.2.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

--
End of file - 9352 bytes
Member

21 November 2009 @ 14:06
http://www.windowsecurity.com/trojanscan/trojanscan.asp I'm currently downloading virus/trojan data. According to it my computer has 88 nasties, some low level and some medium, and it has only scanned about 10% so far.
Hujo
Suspended permanently
21 November 2009 @ 14:15
Um, that log is the same as the one above. Delete the old log first and then scan a new one.
Member

21 November 2009 @ 14:22
It refuses to give me a new log; it tries to give the log from 23.10.2009 and not from today.
Member

21 November 2009 @ 14:25
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:27, on 21.11.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trojan Remover\Rmvtrjan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Windows\AppData\Local\Temp\nro.tmp\"
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/ve...vex-2.2.5.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/c...opAntiVirus.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6446A87-6AF1-4B6A-946A-ABC56B11F795}: NameServer = 66.90.65.89,4.2.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe

--
End of file - 9930 bytes
Hujo
Suspended permanently
21 November 2009 @ 14:52
Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure everything is checked and click Remove Selected.
7. After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.
Member

22 November 2009 @ 14:31
Malwarebytes' Anti-Malware 1.41
Tietokantaversio: 3213
Windows 6.1.7600 (Safe Mode)

22.11.2009 14:28:52
mbam-log-2009-11-22 (14-28-52).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 256654
Kulunut aika: 21 minute(s), 6 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 1

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\SOFTWARE\SoftVeteran (Rogue.SoftVeteran) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Users\Windows\Downloads\Alpha-Setupa5320f_2015-8.exe (Rogue.Installer) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:18, on 22.11.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/ve...vex-2.2.5.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/c...opAntiVirus.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6446A87-6AF1-4B6A-946A-ABC56B11F795}: NameServer = 66.90.65.89,4.2.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe

--
End of file - 9284 bytes
Hujo
Suspended permanently
22 November 2009 @ 14:45
Scan with HJT, tick these entries and press Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O13 - Gopher Prefix:


Shut down and restart

and that's it
Member

24 November 2009 @ 16:45
The CPU is running at 100 and the machine is sluggish; the machine is 2 months old

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:31, on 24.11.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TuneUp Utilities 2010\Integrator.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\Grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Sonera\Sonera Tietoturva\NRS\iescript\baselitmus.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera\Sonera Tietoturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Verkkopalvelu')
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/ve...vex-2.2.5.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/c...opAntiVirus.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6446A87-6AF1-4B6A-946A-ABC56B11F795}: NameServer = 66.90.65.89,4.2.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folding@home-CPU-[1] - Unknown owner - C:\Folding@HomeCPU\1\Fah.exe
O23 - Service: Folding@home-CPU-[2] - Unknown owner - C:\Folding@HomeCPU\2\Fah.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Sonera\Sonera Tietoturva\ORSP Client\fsorsp.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe

--
End of file - 9800 bytes
Hujo
Suspended permanently
24 November 2009 @ 19:37
Uninstall via Add/Remove Programs:

DAEMON Tools Toolbar


Delete the folder

C:\Program Files\DAEMON Tools Toolbar
Member

24 November 2009 @ 20:46
Problem 2. When I start running The Sims 3 it is extremely slow; just starting the game takes 20 min, and this is a NEW MACHINE
Hujo
Suspended permanently
24 November 2009 @ 21:08
I, on the other hand, have an old machine. It was new when I got it back in the good AM2 socket days.

Has the above been done?

Then let's take:
- Open HijackThis
- Click the "Configure" option at the bottom right
- Click "Misc Tools"
- Click the box that says "Uninstall Manager"
- Click the "Save list" option
- Copy and paste that list from Notepad into your thread
Member

25 November 2009 @ 08:17
Problem 1 has not gone away yet; the CPU is still running at 100%

µTorrent
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.2 - Suomi
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
AMD Machine Check Analysis Tool
AMD Power Monitor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASRock IES
ASRock InstantBoot
ASRock OC Tuner
ATI AVIVO Codecs
ATI Catalyst Registration
Bonjour
Canon MP450
Catalyst Control Center - Branding
CCleaner
C-Media PCI Audio Device
Connect
CyberLink BD Advisor 2.0
CyberLink InstantBurn
CyberLink LabelPrint
CyberLink PhotoNow!
CyberLink PowerBackup
CyberLink PowerDVD 9
CyberLink PowerDVD 9
CyberLink UDF Reader 5.0
Defraggler
DriverMax 5
EA Download Manager
Far Cry 2
FileHippo.com Update Checker
forteManager
F-Secure PSC Prerequisites
HijackThis 2.0.2
HydraVision
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
kuler
Last.fm 1.5.4.24567
LG Tool Kit
LG USB Modem driver
LightScribe System Software
LimeWire PRO 5.3.6
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Finnish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Finnish) 2007
Microsoft Office Groove MUI (Finnish) 2007
Microsoft Office InfoPath MUI (Finnish) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (Finnish) 2007
Microsoft Office Outlook MUI (Finnish) 2007
Microsoft Office PowerPoint MUI (Finnish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Finnish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Finnish) 2007
Microsoft Office Shared MUI (Finnish) 2007
Microsoft Office Word MUI (Finnish) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
Nero CoverDesigner
Nero DriveSpeed
Nero Installer
Nero PhotoSnap
Nero Recode
Nero ShowTime
Nero StartSmart
Nero WaveEditor
Nero Vision
NeroBurningROM
NeroExpress
neroxml
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Ohjelman Microsoft Office Excel 2007 Help päivitys (KB963678)
Ohjelman Microsoft Office Powerpoint 2007 Help päivitys (KB963669)
Ohjelman Microsoft Office Word 2007 Help päivitys (KB963665)
OpenAL
OpenOffice.org 3.1
PDF Settings CS4
Photoshop Camera Raw
PowerISO
PunkBuster Services
QuickTime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Software Informer 1.0 BETA
Sonera Tietoturva
SoundTrax
SpeedBit Video Accelerator
SpeedBit Video Downloader
Spelling Dictionaries Support For Adobe Reader 9
Spotify
Suite Shared Configuration CS4
System Requirements Lab
The Sims™ 3
Trojan Remover 6.8.1
TS3 Install Helper Monkey
TuneUp Utilities
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb975960)
VideoLAN VLC media player 0.8.6d
Windows Live Call
Windows Live Communications Platform
Windows Live ID -kirjautumisavustaja
Windows Live Messenger
Windows Live -perheturva
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Liven asennustyökalu
Windows Liven asennustyökalu
Windows Liven elokuvatyökalu
Windows Liven lataustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Windows Media Player Firefox Plugin
Windows Vista Upgrade Advisor
WinRAR archiver
Hujo
Suspended permanently
25 November 2009 @ 15:20
Uninstall via Add/Remove Programs:

SpeedBit Video Accelerator
SpeedBit Video Downloader



Delete the folder

C:\Program Files\SpeedBit Video Accelerator

-------

Go to Start -> Run -> services.msc -> OK

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe

Double-click that service, stop it, choose Disabled from the drop-down menu, then click Apply and OK

--------

Scan with the Kaspersky Online Scanner

1. Read through the requirements and the privacy statement and click Accept.
2. The download of the scanner and the virus database begins. You will be asked whether you allow a program from Kaspersky to be installed. Click Run.
3. When the download is complete, click Settings.
4. Make sure the following items are selected. If they are not, select them and click Save:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases

5. Click My Computer under the Scan section.
6. When the scan is complete, the results are shown. Click View Scan Report.
7. You will see a list of infected items. Click Save Report As....
8. Save the file to your desktop. Change Files of type to Text file (.txt) before you click Save.
9. Copy and paste the contents of the file into your next reply, along with a new HijackThis log

This post has been edited since it was posted. Last edited 25 November 2009 @ 15:22
