onko kunossa joku läheti virusksen messengerin kautta mulle

tossa ohjeet: http://keskustelu.suomi24.fi/show.fcgi?category=108&conference=1500000000000007&posting=22000000035519096

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\winudspm.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CF17895.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros-määrityspalvelu (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 8169 bytes


Malwarebytes' Anti-Malware 1.12
Tietokantaversio: 793

Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 35747
Kulunut aika: 5 minute(s), 33 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)



[b]SDFix: Version 1.186 [/b]
Run by Teija Kristo on 2008-05-28 at 16:52

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 17:06:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000461835be1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a5503e]
"001842caeb19"=hex:70,b3,9f,e9,eb,76,3b,3f,56,d0,09,ae,72,9d,6f,60
"001842cae58a"=hex:b6,38,cd,79,36,ba,8c,b9,bc,8f,2d,d0,78,83,04,78
"00192d45898b"=hex:93,0b,ba,f8,26,75,c7,0f,96,8d,7b,cc,02,df,93,b4
"001a163a56a5"=hex:a9,88,07,c6,0b,5b,d4,b7,7a,27,7c,ec,72,0f,da,43
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000461835be1]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060a5503e]
"001842caeb19"=hex:70,b3,9f,e9,eb,76,3b,3f,56,d0,09,ae,72,9d,6f,60
"001842cae58a"=hex:b6,38,cd,79,36,ba,8c,b9,bc,8f,2d,d0,78,83,04,78
"00192d45898b"=hex:93,0b,ba,f8,26,75,c7,0f,96,8d,7b,cc,02,df,93,b4
"001a163a56a5"=hex:a9,88,07,c6,0b,5b,d4,b7,7a,27,7c,ec,72,0f,da,43

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\MPPRE10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\mppre10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\wmdm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{3FDF25EE-E592-4495-8391-6E9C504DAC2B}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\WMSET10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\wmset10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{60204BB3-7078-4F70-8F69-68297621941C}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{60204BB3-7078-4F70-8F69-68297621941C}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\MPSTUB10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\mpstub10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\WPD10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMFSDK10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmfsdk10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\DRM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\MPCD10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\mpcd10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{DD90D410-1823-43EB-9A16-A2331BF08799}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{DD90D410-1823-43EB-9A16-A2331BF08799}"
"Version"=dword:000a0000
"Sub-Version"=dword:00000e3e
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\WMP10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmp10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage]
"DeviceInterface"="{53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players]
"DeviceInterface"="{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}"
"FilterParameter"="UseExtendedWmdm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE]
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE RNDIS]
"DeviceInterface"="{ad498944-762f-11d0-8dcb-00c04fc3358c}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDevice]
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\KnownDevices\WinCEDeviceRNDIS]
"DeviceInterface"="{ad498944-762f-11d0-8dcb-00c04fc3358c}"
"WMDMSPCLSID"="{067B4B81-B1EC-489f-B111-940EBDC44EBE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
"ProgID"="MsScp.SCPTRANS.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"NoPopUpsOnBoot"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU\0\0]
"0"=hex:33,00,46,00,82,4d,69,63,72,6f,73,6f,66,74,20,57,69,6e,64,6f,77,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU\0\0\0]
"0"=hex:20,00,41,00,82,54,72,6f,2d,70,73,00,4d,69,63,72,6f,73,6f,66,74,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0]
"0"=hex:2b,00,42,00,82,5c,5c,74,72,6f,2d,70,73,2d,73,2d,37,2d,63,69,66,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0]
"0"=hex:3f,00,c3,01,c5,5c,5c,74,72,6f,2d,70,73,2d,73,2d,37,2d,63,69,66,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0]
"0"=hex:3c,00,31,00,00,00,00,00,8e,33,21,3e,10,00,44,41,54,41,4e,4f,42,..
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0]
"NodeSlot"=dword:00000002
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:3c,00,31,00,00,00,00,00,69,33,f9,2e,10,00,52,45,46,5f,53,59,53,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0]
"NodeSlot"=dword:00000003
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
"0"=hex:46,00,31,00,00,00,00,00,8f,33,4a,5a,10,00,52,45,46,5f,4d,53,7e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0]
"NodeSlot"=dword:00000004
"MRUListEx"=hex:ff,ff,ff,ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop]
"FFlags"=dword:00000225
"Mode"=dword:00000001
"ScrollPos800x600(1).x"=dword:00000000
"ScrollPos800x600(1).y"=dword:00000000
"Sort"=dword:00000000
"SortDir"=dword:00000001
"Col"=dword:00000000
"ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,fd,df,df,fd,0f,..
"ItemPos800x600(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,1c,00,00,00,02,..
"ScrollPos1280x800(1).x"=dword:00000000
"ScrollPos1280x800(1).y"=dword:00000000
"ItemPos1280x800(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,1a,00,00,00,02,..
"ScrollPos640x480(1).x"=dword:00000000
"ScrollPos640x480(1).y"=dword:00000000
"ItemPos640x480(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,1a,00,00,00,02,..
"ScrollPos1024x768(1).x"=dword:00000000
"ScrollPos1024x768(1).y"=dword:00000000
"ItemPos1024x768(1)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,1a,00,00,00,02,..
"ScrollPos1280x800(2).x"=dword:00000000
"ScrollPos1280x800(2).y"=dword:00000000
"ItemPos1280x800(2)"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,1a,00,00,00,02,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\2\Shell]
"MinPos1280x800(1).x"=dword:ffffffff
"MinPos1280x800(1).y"=dword:ffffffff
"MaxPos1280x800(1).x"=dword:ffffffff
"MaxPos1280x800(1).y"=dword:ffffffff
"WinPos1280x800(1).left"=dword:0000006e
"WinPos1280x800(1).top"=dword:00000091
"WinPos1280x800(1).right"=dword:0000038e
"WinPos1280x800(1).bottom"=dword:000002e9
"Rev"=dword:00000000
"WFlags"=dword:00000000
"ShowCmd"=dword:00000001
"FFlags"=dword:00000001
"HotKey"=dword:00000000
"Buttons"=dword:ffffffff
"Links"=dword:00000000
"Address"=dword:00000000
"Vid"="{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"
"Mode"=dword:00000006
"ScrollPos1280x800(1).x"=dword:00000000
"ScrollPos1280x800(1).y"=dword:00000000
"Sort"=dword:00000000
"SortDir"=dword:00000001
"Col"=dword:ffffffff
"ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,fd,df,df,fd,0f,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\3\Shell]
"MinPos1280x800(1).x"=dword:ffffffff
"MinPos1280x800(1).y"=dword:ffffffff
"MaxPos1280x800(1).x"=dword:ffffffff
"MaxPos1280x800(1).y"=dword:ffffffff
"WinPos1280x800(1).left"=dword:0000006e
"WinPos1280x800(1).top"=dword:00000091
"WinPos1280x800(1).right"=dword:0000038e
"WinPos1280x800(1).bottom"=dword:000002e9
"Rev"=dword:00000000
"WFlags"=dword:00000000
"ShowCmd"=dword:00000001
"FFlags"=dword:00000001
"HotKey"=dword:00000000
"Buttons"=dword:ffffffff
"Links"=dword:00000000
"Address"=dword:00000000
"Vid"="{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"
"Mode"=dword:00000006
"ScrollPos1280x800(1).x"=dword:00000000
"ScrollPos1280x800(1).y"=dword:00000000
"Sort"=dword:00000000
"SortDir"=dword:00000001
"Col"=dword:ffffffff
"ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,fd,df,df,fd,0f,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\4\Shell]
"Mode"=dword:00000006
"ScrollPos1280x800(1).x"=dword:00000000
"ScrollPos1280x800(1).y"=dword:00000002
"Sort"=dword:00000000
"SortDir"=dword:00000001
"Col"=dword:ffffffff
"ColInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,fd,df,df,fd,0f,..
"MinPos1280x800(1).x"=dword:ffffffff
"MinPos1280x800(1).y"=dword:ffffffff
"MaxPos1280x800(1).x"=dword:ffffffff
"MaxPos1280x800(1).y"=dword:ffffffff
"WinPos1280x800(1).left"=dword:0000006e
"WinPos1280x800(1).top"=dword:00000091
"WinPos1280x800(1).right"=dword:0000038e
"WinPos1280x800(1).bottom"=dword:000002e9
"Rev"=dword:00000000
"WFlags"=dword:00000000
"ShowCmd"=dword:00000001
"FFlags"=dword:00000001
"HotKey"=dword:00000000
"Buttons"=dword:ffffffff
"Links"=dword:00000000
"Address"=dword:00000000
"Vid"="{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"

scanning hidden files ...

C:\WINDOWS\Temp\AVP1D.tmp
C:\WINDOWS\Temp\AVP1E.tmp

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\DC \\DCPlusPlus.exe"="C:\\Program Files\\DC \\DCPlusPlus.exe:*:Enabled:DC "
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Tue 27 May 2008 56,832 ..SHR --- "C:\WINDOWS\winudspm.exe"
Tue 28 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 10 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\Teija Kristo\Application Data\U3\temp\Launchpad Removal.exe"

[b]Finished![/b]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:50, on 28.5.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\system32\ifxspmgt.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\Sprint-HP\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HPQ\HP Connection Manager\WaHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\WINDOWS\winudspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Omistaja\Työpöytä\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\licmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\HPQ\HP Connection Manager\WaHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210913028265
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: awtsRlIx - C:\WINDOWS\SYSTEM32\awtsRlIx.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint-HP\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14297 bytes

en tiedä mutta aina tulee taksi se virus