Koneessa ainakin seuraavat ongelmat: TR/Drop.Agent.qna.2, APPL/KillApp.A,, EXP/Pidief.aia, SWF/Drop.Small.LJ

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

tiistai 18.11.2025 / 10:12

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > koneessa ainakin seuraavat ongelmat: tr/drop.agent.qna.2, appl/killapp.a,, exp/pidief.aia, swf/drop.small.lj

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

Koneessa ainakin seuraavat ongelmat: TR/Drop.Agent.qna.2, APPL/KillApp.A,, EXP/Pidief.aia, SWF/Drop.Small.LJ

Siirry:

Kirjoittaja

Viesti

jnZke

Newbie

19. toukokuuta 2009 @ 23:07

Linkki tähän viestiin

Hei,
Voisiko joku auttaa koneen putsaamisessa, Avira piippaa jatkuvaan ja viruksia löytyy melkoisesti.

Alla HJT-logi ja Aviran havainnot. Yritin ladata koneelle eScan:ia, mutta sivu ei suostunut aukeamaan.

---

Logfile of HijackThis v1.99.1
Scan saved at 22:48:32, on 19.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\skanneri.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

-------

Aviran logi:

Exported events:

19.5.2009 22:32 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Delete file

19.5.2009 22:30 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 22:30 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 22:21 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 22:20 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Deny access

19.5.2009 22:06 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 22:01 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 22:00 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 22:00 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 21:50 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 21:50 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 21:50 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdjxxxxxxxxxxxx.
Action performed: Move file to quarantine

19.5.2009 21:50 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 21:50 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Allow access

19.5.2009 21:28 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 21:24 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 21:22 [Guard] Malware found
Virus or unwanted program 'APPL/KillApp.A [program]'
detected in file 'C:\hp\bin\KillIt.exe.
Action performed: Move file to quarantine

19.5.2009 21:20 [Guard] Malware found
Virus or unwanted program 'EXP/Pidief.aia [exploit]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\Temporary Internet Files\Content.IE5\IA9T8SE4\zt9i[1].pdf.
Action performed: Move file to quarantine

19.5.2009 21:20 [Guard] Malware found
Virus or unwanted program 'SWF/Drop.Small.LJ [virus]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\Temporary Internet Files\Content.IE5\5OO19JZD\xWku[1].swf.
Action performed: Move file to quarantine

19.5.2009 21:20 [Guard] Malware found
Virus or unwanted program 'EXP/Pidief.aia [exploit]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\Temp\AcrCFE1.tmp.
Action performed: Move file to quarantine

19.5.2009 21:19 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdjxxxx.
Action performed: Move file to quarantine

19.5.2009 21:19 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdjxxx.
Action performed: Move file to quarantine

19.5.2009 21:19 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdjxx.
Action performed: Move file to quarantine

19.5.2009 21:19 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdjx.
Action performed: Move file to quarantine

19.5.2009 21:18 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 20:51 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Move file to quarantine

19.5.2009 20:50 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Deny access

19.5.2009 20:49 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxx.
Action performed: Deny access

19.5.2009 20:49 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Action performed: Deny access

19.5.2009 20:49 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Delete file

19.5.2009 20:46 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Delete file

19.5.2009 20:46 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdjxxxxxxxxxxxxx.
Action performed: Delete file

19.5.2009 20:45 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Delete file

19.5.2009 20:33 [Guard] Malware found
Virus or unwanted program 'TR/Drop.Agent.qna.2 [trojan]'
detected in file 'C:\Documents and Settings\Compaq_Omistaja\Local
Settings\leygkhs.qdj.
Action performed: Deny access

[ + lainaa]

warwas

Suspended permanently

19. toukokuuta 2009 @ 23:50

Linkki tähän viestiin

Sulla on Escan koneella.

Lataa [url=http://www.besttechie.net/tools/mbam-setup.exe][color=blue]Malwarebytes' Anti-Malware[/color][/url] työpöydällesi.

Jos linkki ei toimi, voit ladata myös seuraavista linkeistä:
Linkki1
Linkki2

[list][*]Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
[*]Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta.
[*]Jos päivitys löytyy, ohjelma lataa ja asentaa uusimman version. [color=#009900]Jos päivityksien lataaminen ei onnistu, voit ladata päivitykset tästä. Tuplaklikkaa mbam-rules.exe asentaaksesi päivitykset.[/color]
[*]Kun ohjelma on latautunut ja päivitykset tehty, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
[*]Kun tarkistus on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
[*]Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
[*]Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
[*]Lähetä lokin sisältö seuraavassa viestissäsi.[/list]

[color=#009900]Huom. Jos Mbam ei pystynyt poistamaan tiedostoa, se pyytää sinua käynnistämään koneesi uudelleen. Käynnistä koneesi silloin uudelleen heti. Mbam voi tehdä muutoksia rekisteriisi osana puhdistusta. Jos käytät suojausohjelmaa, joka havaitsee rekisterin muutokset, salli Mbamin tehdä muutokset.[/color]

[list][*]Lataa tästä [color=blue]random's system information tool (RSIT)[/color] by [color=#6600cc]random/random[/color] ja tallenna se työpöydälle
[*]Tuplaklikkaa RSIT.exeä ajaaksesi [color=blue]RSITin[/color].
[*]Klikkaa Continue.
[*]Kun RSIT on valmis, kaksi lokia avautuu muistioon. Lähetä sekä log.txt:n (<<avautuu suurennettuna) että info.txt:n (<<avautuu pienennettynä) sisältö seuraavassa viestissäsi.[/list]

[ + lainaa]

jnZke

Newbie

20. toukokuuta 2009 @ 16:47

Linkki tähän viestiin

Skannasin eilen illalla Malwarebytes:lla, eikä se löytänyt mitään, nyt skannasin uudelleen ja se löysi 2 haittaohjelmaa. Alla MB_n logi skannauksen jälkeiset RSIT logit.

-----------

Malwarebytes:

Malwarebytes' Anti-Malware 1.36
Tietokantaversio: 2124
Windows 5.1.2600 Service Pack 3

20.5.2009 18:57:48
mbam-log-2009-05-20 (18-57-48).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 190178
Kulunut aika: 40 minute(s), 52 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 2

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Documents and Settings\Compaq_Omistaja\Local Settings\leygkhs.qdj (Trojan.Daonol) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Omistaja\Local Settings\leygkhs.qdjx (Trojan.Daonol) -> Quarantined and deleted successfully.

--------------------

info.txt logfile of random's system information tool 1.06 2009-05-20 19:35:33

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 - Suomi-->MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70500000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x000b -removeonly
ATI-ohjauspaneeli-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Brownstone Equation Editor 5-->"C:\Program Files\Tutor 6\Equation Editor\Setup.exe" -R
BSPlayer-->"C:\Program Files\BSPlayer\uninstall.exe"
Cardio PC Link v1.1.1se-->C:\PROGRAM FILES\CARDIO PC LINK\setup\setup.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Combined Community Codec Pack 2006-07-28 (Remove Only)-->C:\Program Files\Combined Community Codec Pack\Uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040B-0000-0000000FF1CE}
DC++ 0.674-->"C:\Program Files\DC++\uninstall.exe"
EA SPORTS online 2008-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
EPSON PhotoQuicker3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
ffdshow-->"C:\Program Files\ffdshow\uninstall.exe"
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Finnish Language Pack-->MsiExec.exe /X{4538A1AF-6894-4F10-ABDA-6CB9E6ACF8B6}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{2EF8368A-5670-45C0-82F1-D7B00F7E7AB8}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7-->MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11035}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Päivitys Windows XP:lle (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Suojauspäivitys ohjelmistolle Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Internet Explorer 7:lle (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Player 10:lle (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Player 10:lle (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Player 11:lle (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Player 11:lle (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Suojauspäivitys Windows Media Playerille (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sygate Personal Firewall Pro-->MsiExec.exe /I{10B446B3-4DF4-4489-A168-8A98F7CD807E}
Tutor-->C:\PROGRA~1\Tutor 6\UNWISE.EXE C:\PROGRA~1\Tutor 6\EXINST.LOG
Tärkeä päivitys Windows Media Player 11:lle (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 2009-->"C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
Windows Liven kirjautumisavustaja-->MsiExec.exe /I{998152E5-B605-4BBB-9853-E749AEE02B21}
Windows Liven lataustyökalu-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: Spyware Doctor with AntiVirus
AV: AntiVir Desktop
FW: Norton Internet Worm Protection (disabled)
FW: Sygate Personal Firewall Pro

======System event log======

Computer Name: ODBH
Event Code: 4226
Message: TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Record Number: 483683
Source Name: Tcpip
Time Written: 20090225172932.000000+120
Event Type: warning
User:

Computer Name: ODBH
Event Code: 4226
Message: TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Record Number: 483682
Source Name: Tcpip
Time Written: 20090225171332.000000+120
Event Type: warning
User:

Computer Name: ODBH
Event Code: 4226
Message: TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Record Number: 483651
Source Name: Tcpip
Time Written: 20090224201046.000000+120
Event Type: warning
User:

Computer Name: ODBH
Event Code: 4226
Message: TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Record Number: 483650
Source Name: Tcpip
Time Written: 20090224192234.000000+120
Event Type: warning
User:

Computer Name: ODBH
Event Code: 4226
Message: TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Record Number: 483649
Source Name: Tcpip
Time Written: 20090224172511.000000+120
Event Type: warning
User:

=====Application event log=====

Computer Name: ODBH
Event Code: 2005
Message: Palvelinpalvelun valvontatietoja ei voi lukea.
Palvelimen resurssitietoja ei palauteta tähän malliin.
Palautettu virhekoodi on ensimmäisessä DWORD-tavussa ja IOSB:ssä. Tila on toisessa DWORD-tavussa ja
IOSB:ssä. Tiedot ovat kolmannessa DWORD-tavussa.

Record Number: 8443
Source Name: PerfNet
Time Written: 20081218174205.000000+120
Event Type: error
User:

Computer Name: ODBH
Event Code: 2004
Message: Palvelinpalvelua ei voi avata. Palvelimen resurssitietoja
ei palauteta. Palautettu virhekoodi on ensimmäisessä DWORD-tavussa.

Record Number: 8440
Source Name: PerfNet
Time Written: 20081217160244.000000+120
Event Type: error
User:

Computer Name: ODBH
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 8434
Source Name: usnjsvc
Time Written: 20081216161736.000000+120
Event Type:
User:

Computer Name: ODBH
Event Code: 2004
Message: Palvelinpalvelua ei voi avata. Palvelimen resurssitietoja
ei palauteta. Palautettu virhekoodi on ensimmäisessä DWORD-tavussa.

Record Number: 8432
Source Name: PerfNet
Time Written: 20081216160639.000000+120
Event Type: error
User:

Computer Name: ODBH
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 8425
Source Name: usnjsvc
Time Written: 20081215161318.000000+120
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 63 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=3f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

RSIS Logi

Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Omistaja at 2009-05-20 19:35:08
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 47 GB (32%) free of 147 GB
Total RAM: 446 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:28, on 20.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Omistaja\Työpöytä\RSIT.exe
C:\Program Files\trend micro\Compaq_Omistaja.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5736 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Liven kirjautumisapuohjelma - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-08 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Documents and Settings\Compaq_Omistaja\Työpöytä\Word\TVUPlayer\TVUPlayer.exe"="C:\Documents and Settings\Compaq_Omistaja\Työpöytä\Word\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm"
"C:\Kaspersky\kavupd.exe"="C:\Kaspersky\kavupd.exe:*:Enabled:kavupd"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\Compaq_Omistaja\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Compaq_Omistaja\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\PROGRA~1\COMMON~1\MicroWorld\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MicroWorld\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MicroWorld\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MicroWorld\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\PROGRA~1\COMMON~1\MicroWorld\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MicroWorld\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MicroWorld\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MicroWorld\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6845d3f9-2e98-11db-8525-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

======List of files/folders created in the last 2 months======

2009-05-20 16:40:52 ----D---- C:\Program Files\trend micro
2009-05-20 16:40:46 ----D---- C:\rsit
2009-05-19 23:21:47 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-19 23:21:33 ----D---- C:\WINDOWS\ERDNT
2009-05-19 23:14:37 ----D---- C:\Qoobox
2009-05-19 22:38:15 ----D---- C:\PUB
2009-05-19 22:37:30 ----D---- C:\Program Files\Common Files\MicroWorld
2009-05-19 22:37:30 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2009-05-19 22:37:30 ----A---- C:\WINDOWS\system32\T.COM
2009-05-19 22:37:30 ----A---- C:\WINDOWS\REGEDIT.COM
2009-05-19 22:37:30 ----A---- C:\WINDOWS\R.COM
2009-05-19 22:36:26 ----A---- C:\WINDOWS\killproc.exe
2009-05-19 22:35:52 ----A---- C:\WINDOWS\system32\mwnsp.dll
2009-05-19 22:35:52 ----A---- C:\WINDOWS\system32\contfilt.dll
2009-05-19 22:35:50 ----A---- C:\WINDOWS\system32\ZIPDLL.DLL
2009-05-19 22:35:50 ----A---- C:\WINDOWS\system32\UNZDLL.DLL
2009-05-19 22:35:50 ----A---- C:\WINDOWS\system32\sporder.dll
2009-05-19 22:35:50 ----A---- C:\WINDOWS\sporder.exe
2009-05-19 22:35:50 ----A---- C:\WINDOWS\sporder.dll
2009-05-19 22:35:49 ----A---- C:\WINDOWS\system32\mwtsp.dll
2009-05-19 22:35:49 ----A---- C:\WINDOWS\inst_tspx.exe
2009-05-19 22:35:48 ----A---- C:\WINDOWS\inst_tsp.exe
2009-05-19 22:35:44 ----D---- C:\WINDOWS\system32\FLCSS.EXE
2009-05-16 12:26:44 ----D---- C:\Program Files\Avira
2009-05-16 12:26:44 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-05-13 18:32:37 ----D---- C:\Documents and Settings\Compaq_Omistaja\Application Data\Malwarebytes
2009-05-13 18:32:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-13 18:32:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-18 18:46:11 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-18 18:46:10 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-18 18:46:10 ----A---- C:\WINDOWS\system32\java.exe
2009-04-16 22:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 22:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 22:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 22:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 22:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 22:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-03-25 00:20:30 ----D---- C:\Program Files\MSN Messenger

======List of files/folders modified in the last 2 months======

2009-05-20 19:11:14 ----D---- C:\WINDOWS\Prefetch
2009-05-20 19:11:13 ----D---- C:\Program Files\Mozilla Firefox
2009-05-20 19:08:14 ----SHD---- C:\System Volume Information
2009-05-20 19:01:34 ----D---- C:\WINDOWS\Temp
2009-05-20 19:01:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-20 19:01:16 ----AD---- C:\WINDOWS
2009-05-20 19:00:50 ----D---- C:\WINDOWS\Minidump
2009-05-20 19:00:43 ----D---- C:\WINDOWS\system32\drivers
2009-05-20 19:00:18 ----RD---- C:\Program Files
2009-05-20 18:59:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-19 23:33:56 ----D---- C:\WINDOWS\system32
2009-05-19 22:48:28 ----D---- C:\hijackthis
2009-05-19 22:47:55 ----AC---- C:\WINDOWS\win.ini
2009-05-19 22:47:52 ----AC---- C:\WINDOWS\system.ini
2009-05-19 22:41:30 ----HD---- C:\WINDOWS\inf
2009-05-19 22:37:37 ----RASH---- C:\boot.ini
2009-05-19 22:37:36 ----D---- C:\Documents and Settings
2009-05-19 22:37:30 ----D---- C:\Program Files\Common Files
2009-05-19 18:49:33 ----D---- C:\My Music
2009-05-18 21:29:40 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-05-16 12:20:15 ----SHD---- C:\WINDOWS\Installer
2009-05-16 12:20:14 ----D---- C:\WINDOWS\WinSxS
2009-05-14 15:28:53 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-13 19:45:29 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-13 18:17:05 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-13 18:16:57 ----RSD---- C:\WINDOWS\assembly
2009-05-13 17:31:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-07 10:16:29 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-05-04 21:40:32 ----D---- C:\Musiikkia
2009-04-28 16:23:26 ----D---- C:\Elokuvia
2009-04-23 16:55:05 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2009-04-23 16:46:18 ----D---- C:\Program Files\Winamp
2009-04-18 18:45:50 ----D---- C:\Program Files\Java
2009-04-17 15:35:27 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 15:35:27 ----D---- C:\WINDOWS\AppPatch
2009-04-16 22:15:09 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-04-16 22:14:55 ----A---- C:\WINDOWS\imsins.BAK
2009-04-16 22:14:23 ----D---- C:\WINDOWS\system32\fi-fi
2009-04-16 22:14:23 ----D---- C:\Program Files\Internet Explorer
2009-04-16 22:13:57 ----D---- C:\WINDOWS\ie7updates
2009-04-16 22:09:16 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 21:03:37 ----D---- C:\Documents and Settings\Compaq_Omistaja\Application Data\Tutor
2009-03-29 13:23:44 ----D---- C:\Program Files\Last.fm
2009-03-25 00:23:12 ----D---- C:\Program Files\Messenger Plus! Live
2009-03-25 00:17:59 ----D---- C:\Program Files\Windows Live
2009-03-21 17:08:57 ----A---- C:\WINDOWS\system32\kernel32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 39424]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R1 WS2IFSL;Windows Socket 2.0:n tukiympäristö ei-IFS-järjestelmiä varten; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-09-15 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2005-09-27 14944]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2005-09-27 14944]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2005-09-27 14944]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2005-09-27 14944]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-08 1480704]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-08-30 223128]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB-massamuistiohjain; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Arp1394;1394 ARP -asiakasprotokolla; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 HidUsb;Microsoft HID -luokkaohjain; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IKFileFlt;File Filter Driver; C:\WINDOWS\system32\drivers\ikfileflt.sys [2007-10-12 39248]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-10-12 52304]
S3 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-10-12 59984]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-10-12 83536]
S3 NIC1394;1394-verkko-ohjain; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2007-09-22 72116]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070112.005\symidsco.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-27 61984]
S4 intelppm;Intel-suoritinohjain; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-08 405504]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2001-10-25 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MWAgent;MWAgent; C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE [2007-12-13 415232]
R2 SmcService;Sygate Personal Firewall Pro; C:\Program Files\Sygate\SPF\smc.exe [2005-09-27 2635472]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;Spyware Doctor Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe []
S3 sdCoreService;Spyware Doctor Service; C:\Program Files\Spyware Doctor\swdsvc.exe []
S3 usnjsvc;Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Playerin verkkojakamispalvelu; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-15 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[ + lainaa]

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. toukokuuta 2009 @ 19:40

jnZke

Newbie

20. toukokuuta 2009 @ 16:52

Linkki tähän viestiin

Skannasin koneen päivällä myös Dr. Web Cure It:lla. En tiedä, onko tuloksista mitään hyötyä, mutta tässä ne kuitenkin:

---------------------

RegUBP2b-Compaq_Omistaja.reg C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2 Trojan.StartPage.1505 Deleted.

6D952C06d01/data002\32788R22FWJFW\FIND3M.bat C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\etvu1xx0.default\Cache\6D952 Probably BATCH.Virus

data002 C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\etvu1xx0.default\Cache Archive contains infected objects

6D952C06d01 C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\etvu1xx0.default\Cache Container contains infected objects Moved.

C2152591d01/data002\32788R22FWJFW\FIND3M.bat C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\etvu1xx0.default\Cache\C2152 Probably BATCH.Virus

data002 C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\etvu1xx0.default\Cache Archive contains infected objects

C2152591d01 C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\etvu1xx0.default\Cache Container contains infected objects Moved.

FA4CCC3Fd01/data002\32788R22FWJFW\FIND3M.bat C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\etvu1xx0.default\Cache\FA4CC Probably BATCH.Virus

data002 C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\etvu1xx0.default\Cache Archive contains infected objects

FA4CCC3Fd01 C:\Documents and Settings\Compaq_Omistaja\Local Settings\Application Data\Mozilla\Firefox\Profiles\etvu1xx0.default\Cache Container contains infected objects Moved.

es_awne.exe\data029 C:\Documents and Settings\Compaq_Omistaja\Työpöytä\es_awne.exe Probably BACKDOOR.Trojan

es_awne.exe\data064 C:\Documents and Settings\Compaq_Omistaja\Työpöytä\es_awne.exe Probably BACKDOOR.Trojan

es_awne.exe C:\Documents and Settings\Compaq_Omistaja\Työpöytä Archive contains infected objects

main.js C:\Program Files\Messenger Plus! Live\Scripts\Now Playing Probably SCRIPT.Virus

847872_534a45f85_\tgupdate.exe C:\Program Files\Sonera\InternetAvustaja\backup\tg\tgupdate.exe\847872_534a45f85_ Probably DLOADER.Trojan

847872_534a45f85_ C:\Program Files\Sonera\InternetAvustaja\backup\tg\tgupdate.exe Archive contains infected objects Moved.
A0042883.reg C:\System Volume
Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP413 Trojan.StartPage.1505 Deleted.

A0047049.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP452 Trojan.StartPage.1505 Deleted.

A0047303.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP454 Trojan.StartPage.1505 Deleted.

A0047394.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP455 Trojan.StartPage.1505 Deleted.

A0048507.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP457 Trojan.StartPage.1505 Deleted.

A0048644.reg C:\System Volume
Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP458 Trojan.StartPage.1505 Deleted.

A0048760.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP459 Trojan.StartPage.1505 Deleted.

A0048862.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP460 Trojan.StartPage.1505 Deleted.

A0048978.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP461 Trojan.StartPage.1505 Deleted.

A0049061.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP461 Trojan.StartPage.1505 Deleted.

A0049154.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP462 Trojan.StartPage.1505 Deleted.

A0049276.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP464 Trojan.StartPage.1505 Deleted.

A0049382.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP464 Trojan.StartPage.1505 Deleted.

A0049505.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP465 Trojan.StartPage.1505 Deleted.

A0049587.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP466 Trojan.StartPage.1505 Deleted.

A0049893.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP468 Trojan.StartPage.1505 Deleted.

A0049971.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP468 Trojan.StartPage.1505 Deleted.

A0051442.reg C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP475 Trojan.StartPage.1505 Deleted.

A0051547.bat C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP475 Probably BATCH.Virus

A0051610.bat C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP475 Probably BATCH.Virus

[ + lainaa]

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. toukokuuta 2009 @ 19:41

jnZke

Newbie

20. toukokuuta 2009 @ 19:21

Linkki tähän viestiin

Toistin samaa asiaa, pahoittelen!

[ + lainaa]

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. toukokuuta 2009 @ 19:26

Mainos