I just ran a Spybot scan, which found problems; I'll post its log below. I noticed that the computer probably has some spyware on it, or someone has changed the computer's settings. (The Internet settings in the Control Panel say: "Some settings are managed by your system administrator".) How can I get rid of that? Has someone perhaps hacked into my computer and is controlling its settings? I did get the computer working after running the Spybot scan a couple of times, so what should I do to get the machine clean again?
Here first is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:27, on 16.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fsnordic.net/discussion/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;*.f;*.*.;*.*.;*.;*.;;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {2F55A1E9-EE3D-4B19-8B5F-378DEB2F893C} - C:\WINDOWS\system32\ddcywWno.dll (file missing)
O2 - BHO: (no name) - {4F213516-217E-4175-BC0D-07AB52B21586} - C:\WINDOWS\system32\ddcBSIBU.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\9\Config\ereg.ini"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [ac0da1ea] rundll32.exe "C:\WINDOWS\system32\hyqlbbwa.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9035] command /c del "C:\WINDOWS\system32\ddcBSIBU.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1796] cmd /c del "C:\WINDOWS\system32\ddcBSIBU.dll_old"
O4 - HKCU\..\Run: [ccleaner] "J:\Ohjelmat\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://212.86.26.218/activex/AMC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 11952 bytes
The Spybot log looked like this:
--- Search result list ---
Virtumonde: [SBI $42352499] Käyttäjän asetukset (Rekisteriavain, fixed)
HKEY_USERS\S-1-5-21-3621417310-3752253508-3987832486-1008\Software\Microsoft\rdfa
Virtumonde: [SBI $47E741CD] Asetukset (Rekisteriavain, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
Virtumonde.dll: [SBI $CA7338CF] Kirjasto (Tiedosto, fixed)
C:\WINDOWS\system32\ddcywWno.dll
Virtumonde.dll: [SBI $171716F8] Asetukset (Rekisteriavain, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DDCYWWNO
Virtumonde.dll: [SBI $606AEE80] Browser helper object (Rekisteriavain, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F55A1E9-EE3D-4B19-8B5F-378DEB2F893C}
Virtumonde.dll: [SBI $606AEE80] Class ID (Rekisteriavain, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F55A1E9-EE3D-4B19-8B5F-378DEB2F893C}
Virtumonde.dll: [SBI $4DB0E149] Kirjasto (Tiedosto, fixed)
C:\WINDOWS\system32\ddcBSIBU.dll
Virtumonde.dll: [SBI $5795EDCE] Browser helper object (Rekisteriavain, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F213516-217E-4175-BC0D-07AB52B21586}
Virtumonde.dll: [SBI $5795EDCE] Class ID (Rekisteriavain, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F213516-217E-4175-BC0D-07AB52B21586}
Virtumonde.prx: [SBI $C46E6FC7] Määritystiedosto (Tiedosto, fixed)
C:\WINDOWS\pskt.ini
Virtumonde.prx: [SBI $13DC8D4E] Asetukset (Rekisterin arvo, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\IProxyProvider\Path=...C:\WINDOWS\SYSTEM32\OHHQXSIW.DLL...
Virtumonde.prx: [SBI $797B4EBF] Kirjasto (Tiedosto, fixed)
C:\WINDOWS\system32\ohhqxsiw.dll
Virtumonde.prx: [SBI $0EED8ADA] Asetukset (Rekisterin arvo, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BMaf3e9276
Virtumonde.prx: [SBI $7BFCBA71] Asetukset (Rekisteriavain, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct
Log: Activity: SchedLgU.Txt (Varmuuskopio, fixed)
C:\WINDOWS\SchedLgU.Txt
Log: Shutdown: System32\wbem\logs\wbemess.log (Varmuuskopio, fixed)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Varmuuskopio, fixed)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Rekisteriavain, fixed)
HKEY_USERS\S-1-5-21-3621417310-3752253508-3987832486-1008\Software\Microsoft\Search Assistant\ACMru
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (7 tiedostoa) (Rekisteriavain, fixed)
HKEY_USERS\S-1-5-21-3621417310-3752253508-3987832486-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (5 tiedostoa) (Rekisteriavain, fixed)
HKEY_USERS\S-1-5-21-3621417310-3752253508-3987832486-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $99432203] Open with list - .CFG extension (2 tiedostoa) (Rekisteriavain, fixed)
HKEY_USERS\S-1-5-21-3621417310-3752253508-3987832486-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CFG\OpenWithList
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 tiedostoa) (Rekisteriavain, fixed)
HKEY_USERS\S-1-5-21-3621417310-3752253508-3987832486-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (4 tiedostoa) (Rekisteriavain, fixed)
HKEY_USERS\S-1-5-21-3621417310-3752253508-3987832486-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Media SDK: [SBI $37AAEDE6] Computer name (Muutos rekisterissä, fixed)
HKEY_USERS\S-1-5-21-3621417310-3752253508-3987832486-1008\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Muutos rekisterissä, fixed)
HKEY_USERS\S-1-5-21-3621417310-3752253508-3987832486-1008\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Rekisterin arvo, fixed)
HKEY_USERS\S-1-5-21-3621417310-3752253508-3987832486-1008\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
WinZip: [SBI $1059E532] Number of times run (Muutos rekisterissä, fixed)
HKEY_USERS\S-1-5-21-3621417310-3752253508-3987832486-1008\Software\Nico Mak Computing\WinZip\rrs\Opened
Cookie: [SBI $49804B54] Eväste (1) (Eväste, fixed)
History: [SBI $49804B54] Historia (503) (Historia, fixed)
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2006-10-29 spybotsd14.exe (0.0.0.0)
2008-01-28 TeaTimer.exe (1.5.2.16)
2006-10-29 unins000.exe (51.41.0.0)
2008-03-11 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-07-15 Includes\Adware.sbi (*)
2008-07-15 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-07-07 Includes\DialerC.sbi (*)
2008-07-11 Includes\HeavyDuty.sbi (*)
2008-07-10 Includes\Hijackers.sbi (*)
2008-07-08 Includes\HijackersC.sbi (*)
2008-07-15 Includes\Keyloggers.sbi (*)
2008-07-15 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-07-16 Includes\Malware.sbi (*)
2008-07-16 Includes\MalwareC.sbi (*)
2008-07-15 Includes\PUPS.sbi (*)
2008-07-15 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-07-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-07-11 Includes\Spyware.sbi (*)
2008-07-15 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti (*)
2008-07-15 Includes\Trojans.sbi (*)
2008-07-15 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Suojauspäivitys Windows Media Player 10:lle (KB911565)
/ Windows Media Player 10: Suojauspäivitys Windows Media Player 10:lle (KB917734)
/ Windows Media Player 11: Suojauspäivitys Windows Media Player 11:lle (KB936782)
/ Windows Media Player 11: Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)
/ Windows Media Player 6.4: Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
/ Windows XP: Suojauspäivitys ohjelmistolle Windows XP (KB923689)
/ Windows XP: Suojauspäivitys ohjelmistolle Windows XP (KB941569)
/ Windows XP / SP0: Suojauspäivitys Windows Internet Explorer 7:lle (KB928090)
/ Windows XP / SP0: Suojauspäivitys Windows Internet Explorer 7:lle (KB929969)
/ Windows XP / SP0: Suojauspäivitys Windows Internet Explorer 7:lle (KB931768)
/ Windows XP / SP0: Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)
/ Windows XP / SP0: Suojauspäivitys Windows Internet Explorer 7:lle (KB937143)
/ Windows XP / SP0: Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)
/ Windows XP / SP0: Suojauspäivitys Windows Internet Explorer 7:lle (KB939653)
/ Windows XP / SP0: Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)
/ Windows XP / SP0: Suojauspäivitys Windows Internet Explorer 7:lle (KB944533)
/ Windows XP / SP0: Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864)
/ Windows XP / SP0: Suojauspäivitys Windows Internet Explorer 7:lle (KB950759)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB883667
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888239
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB893066)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB894391)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB896358)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB896422)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB896423)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB896424)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB896428)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB898461)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB899587)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB899591)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB900485)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB900725)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB901017)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB901214)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB902400)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB904706)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB904942)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB905414)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB905749)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB905915)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB908519)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB908531)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB910437)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB911280)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB911562)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB911567)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB911927)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB912812)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB912919)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB913446)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB913580)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB914388)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB914389)
/ Windows XP / SP3: Hotfix-päivitys Windows XP:lle (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB916281)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB916595)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB917159)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB917344)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB917422)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB917953)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB918118)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB918439)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB918899)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB919007)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB920213)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB920214)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB920670)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB920683)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB920685)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB920872)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB921398)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB921503)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB921883)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB922582)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB922616)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB922760)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB922819)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB923191)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB923414)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB923694)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB923980)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB924191)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB924270)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB924496)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB924667)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB925454)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB925486)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB926255)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB926436)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB927779)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB927802)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB927891)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB928255)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB928843)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB929123)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB929338)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB930178)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB930916)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB931261)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB931784)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB931836)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB932168)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB932823-v3)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB933360)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB933729)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB935839)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB935840)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB936021)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB938828)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB938829)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB941202)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB941568)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB941644)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB941693)
/ Windows XP / SP3: Päivitys Windows XP:lle (KB942763)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB943055)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB943460)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB943485)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB944653)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB945553)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB946026)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB948590)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB948881)
/ Windows XP / SP3: Suojauspäivitys Windows XP:lle (KB950749)
/ Windows XP / SP4: Suojauspäivitys Windows XP:lle (KB950760)
/ Windows XP / SP4: Suojauspäivitys Windows XP:lle (KB950762)
/ Windows XP / SP4: Suojauspäivitys Windows XP:lle (KB951376)
/ Windows XP / SP4: Suojauspäivitys Windows XP:lle (KB951376-v2)
/ Windows XP / SP4: Suojauspäivitys Windows XP:lle (KB951698)
/ Windows XP / SP4: Suojauspäivitys Windows XP:lle (KB951748)
--- Startup entries list ---
Located: HK_LM:Run, ac0da1ea
command: rundll32.exe "C:\WINDOWS\system32\hyqlbbwa.dll",b
file: C:\WINDOWS\system32\hyqlbbwa.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88363
MD5: E7BE65BF79906AEBC698E077D53F6A1C
Located: HK_LM:Run, ATICCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
file: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
size: 45056
MD5: 64C4C17BF6A40FF1CD21205E6FD415B8
Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968
MD5: F259DCC4854D80040C8AB649F5993665
Located: HK_LM:Run, ccApp
command: "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: c:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58992
MD5: 0882D504779B0CF087009AD405E0EB83
Located: HK_LM:Run, CnxTrApp
command: rundll32.exe "C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
file: C:\Program Files\TeleWell\ADSL USB Router\CnxTrApp.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 8778072A594E1310C0B7D0A93771E8BD
Located: HK_LM:Run, KBD
command: C:\HP\KBD\KBD.EXE
file: C:\HP\KBD\KBD.EXE
size: 61440
MD5: C81BE1B951C36E97D3DA90DA745DA5F7
Located: HK_LM:Run, LogitechCommunicationsManager
command: "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
file: C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
size: 488984
MD5: 022DB38BECB5A44DA6F7E27923457624
Located: HK_LM:Run, LogitechQuickCamRibbon
command: "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
file: C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
size: 774168
MD5: 6B84B11CFAD4173733DD96C810D9BC6F
Located: HK_LM:Run, PPort9reminder
command: "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\9\Config\ereg.ini"
file: C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe
size: 729088
MD5: CE7F09FD42A18651AC2540081E3E14E2
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 155648
MD5: C74C7963EEC07AF49DCE44D64819B2BF
Located: HK_LM:Run, SSC_UserPrompt
command: c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
file: c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
size: 218240
MD5: 2093B18DBCE862ED3E6E1A85E16ADC65
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97
Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: F9418981EE4D7E995D359833ADAB59D5
Located: HK_LM:RunOnce, Spybot - Search & Destroy
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
Located: HK_LM:RunOnce, SpybotDeletingA2999
command: command /c del "C:\WINDOWS\system32\ddcBSIBU.dll_old"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingA8514
command: command /c del "C:\WINDOWS\system32\ddcywWno.dll_old"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:RunOnce, SpybotDeletingC5497
command: cmd /c del "C:\WINDOWS\system32\ddcywWno.dll_old"
file: C:\WINDOWS\system32\cmd.exe
size: 390656
MD5: C2BD0C606E3928694216A83A39E77F30
Located: HK_LM:RunOnce, SpybotDeletingC6748
command: cmd /c del "C:\WINDOWS\system32\ddcBSIBU.dll_old"
file: C:\WINDOWS\system32\cmd.exe
size: 390656
MD5: C2BD0C606E3928694216A83A39E77F30
Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: E8E7CE0D379630E7B0015E48FA90499B
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: E8E7CE0D379630E7B0015E48FA90499B
Located: HK_CU:Run, ccleaner
where: S-1-5-21-3621417310-3752253508-3987832486-1008...
command: "J:\Ohjelmat\CCleaner\ccleaner.exe" /AUTO
file: J:\Ohjelmat\CCleaner\ccleaner.exe
size: 598656
MD5: 6C28CDF8261026D9F9FA876F362D7228
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3621417310-3752253508-3987832486-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: E8E7CE0D379630E7B0015E48FA90499B
Located: HK_CU:Run, msnmsgr
where: S-1-5-21-3621417310-3752253508-3987832486-1008...
command: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
size: 5724184
MD5: 27514A975985206FDCAA6A899764360A
Located: HK_CU:RunOnce, SpybotDeletingB1050
where: S-1-5-21-3621417310-3752253508-3987832486-1008...
command: command /c del "C:\WINDOWS\system32\ddcBSIBU.dll_old"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingB7797
where: S-1-5-21-3621417310-3752253508-3987832486-1008...
command: command /c del "C:\WINDOWS\system32\ddcywWno.dll_old"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, SpybotDeletingD3343
where: S-1-5-21-3621417310-3752253508-3987832486-1008...
command: cmd /c del "C:\WINDOWS\system32\ddcywWno.dll_old"
file: C:\WINDOWS\system32\cmd.exe
size: 390656
MD5: C2BD0C606E3928694216A83A39E77F30
Located: HK_CU:RunOnce, SpybotDeletingD6264
where: S-1-5-21-3621417310-3752253508-3987832486-1008...
command: cmd /c del "C:\WINDOWS\system32\ddcBSIBU.dll_old"
file: C:\WINDOWS\system32\cmd.exe
size: 390656
MD5: C2BD0C606E3928694216A83A39E77F30
Located: Käynnistys (yleinen), Adobe Reader Speed Launch.lnk
where: C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys...
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: DFCB9ADE94A4F8A7C42EEF41101A30AD
Located: Käynnistys (yleinen), HP Digital Imaging Monitor.lnk
where: C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys...
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 258048
MD5: C519CEC624CF9BCBA3059F32266C8FFF
Located: Käynnistys (yleinen), WinZip Quick Pick.lnk
where: C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys...
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 122880
MD5: 6613E98493EC4A94395955B17F836CF9
Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ddcywWno
command: ddcywWno.dll
file: ddcywWno.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocxAcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
{2F55A1E9-EE3D-4B19-8B5F-378DEB2F893C} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: ddcywWno.dll
{4F213516-217E-4175-BC0D-07AB52B21586} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: ddcBSIBU.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 13.7.2008 0:39:40
Date (last access): 16.7.2008 20:35:06
Date (last write): 10.6.2008 4:27:02
Filesize: 509328
Attributes: archive
MD5: F921D875A1CBD69A6A462BA2514BC831
CRC32: 38AC9EE2
Version: 6.0.70.6
{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Liven kirjautumisapuohjelma)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Liven kirjautumisapuohjelma
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 20.9.2007 10:30:18
Date (last access): 16.7.2008 20:15:42
Date (last write): 20.9.2007 10:30:18
Filesize: 328752
Attributes: archive
MD5: 59CF5BF6684AFCF906CADAD39B4214DE
CRC32: C363813C
Version: 4.200.520.1
{BDF3E430-B101-42AD-A544-FADC6B084872} (NAV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: NAV Helper
CLSID name: CNavExtBho Class
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein
Path: c:\Program Files\Norton Internet Security\Norton AntiVirus\
Long name: NAVSHEXT.DLL
Short name:
Date (created): 21.9.2004 9:39:44
Date (last access): 16.7.2008 20:15:42
Date (last write): 28.11.2005 14:58:30
Filesize: 218768
Attributes: archive
MD5: 9022CF20B1123DCB0019FF9E5991450B
CRC32: 5BB3B865
Version: 11.0.16.2
--- ActiveX list ---
{0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1)
DPF name:
CLSID name: F-Secure Online Scanner 3.1
Installer: C:\WINDOWS\Downloaded Program Files\fscax.inf
Codebase: http://support.f-secure.com/ols/fscax.cab
description:
classification: Legitimate
known filename: fscax.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: fscax.dll
Short name:
Date (created): 7.5.2007 15:39:24
Date (last access): 16.7.2008 20:20:54
Date (last write): 7.5.2007 15:39:24
Filesize: 254360
Attributes: archive
MD5: D5199825510E4C4F97DC93B7BC3B1A8A
CRC32: 9FA45099
Version: 3.1.0.5
{20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 28.2.2007 14:21:04
Date (last access): 16.7.2008 20:20:54
Date (last write): 28.2.2007 14:21:04
Filesize: 131472
Attributes: archive
MD5: 1E5CFDF9AEBDD84305A4C8154277A269
CRC32: 73C871D0
Version: 9.5.7087.1
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.6.2008 2:32:34
Date (last access): 14.7.2008 17:38:30
Date (last write): 10.6.2008 4:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)
DPF name:
CLSID name: MSN Games - Installer
Installer:
Codebase: http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 19.2.2007 11:26:28
Date (last access): 9.7.2008 6:51:40
Date (last write): 19.2.2007 11:26:28
Filesize: 159128
Attributes: archive
MD5: E681AC948003CCA59C6C00D3F5EC3D4B
CRC32: C8723760
Version: 9.5.6649.1
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3)
DPF name:
CLSID name: F-Secure Online Scanner 3.3
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\fscax.inf
Codebase: http://support.f-secure.com/ols/fscax.cab
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\
Long name: fscax.dll
Short name:
Date (created): 27.2.2008 16:00:12
Date (last access): 9.7.2008 6:51:36
Date (last write): 27.2.2008 16:00:12
Filesize: 262144
Attributes: archive
MD5: DA4CB993C1FC5217C55902CBB0551DCD
CRC32: 00E55D09
Version: 3.3.2.0
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~1.DLL
Date (created): 22.2.2007 23:41:12
Date (last access): 16.7.2008 20:20:54
Date (last write): 22.2.2007 23:41:12
Filesize: 304544
Attributes: archive
MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
CRC32: 0F12FD23
Version: 9.5.6907.1
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12.7.2007 1:22:38
Date (last access): 9.7.2008 6:51:42
Date (last write): 12.7.2007 3:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24.9.2007 22:31:44
Date (last access): 9.7.2008 6:51:42
Date (last write): 25.9.2007 0:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 22.2.2008 2:33:32
Date (last access): 12.7.2008 7:10:58
Date (last write): 22.2.2008 4:25:20
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.6.2008 2:32:34
Date (last access): 16.7.2008 20:42:12
Date (last write): 10.6.2008 4:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.6.2008 2:32:34
Date (last access): 16.7.2008 20:42:12
Date (last write): 10.6.2008 4:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6
{DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class)
DPF name:
CLSID name: AxisMediaControlEmb Class
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://212.86.26.218/activex/AMC.cab
description:
classification: Open for discussion
known filename: AxisMediaControlEmb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Axis Communications\AXIS Media Control Embedded\
Long name: AxisMediaControlEmb.dll
Short name: AXISME~1.DLL
Date (created): 11.7.2008 7:47:32
Date (last access): 14.7.2008 21:13:36
Date (last write): 4.5.2006 10:27:14
Filesize: 671744
Attributes: archive
MD5: 647EFE623A463246D77F6D757A75ED27
CRC32: 4CC866C6
Version: 3.32.37.1
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
description:
classification: Legitimate
known filename: MineSweeper.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MineSweeper.dll
Short name: MINESW~1.DLL
Date (created): 28.2.2007 14:21:04
Date (last access): 16.7.2008 20:20:54
Date (last write): 28.2.2007 14:21:04
Filesize: 130472
Attributes: archive
MD5: E661E91B5929632665683222D509D271
CRC32: 63A9B975
Version: 9.5.6986.1
--- Process list ---
PID: 0 ( 0) [System]
PID: 396 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 640 ( 396) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 668 ( 396) \??\C:\WINDOWS\system32\winlogon.exe
size: 502784
PID: 724 ( 668) C:\WINDOWS\system32\services.exe
size: 108544
MD5: C2F8F8343435FC080C2DE25A410E09E8
PID: 736 ( 668) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 39726087F99C7775B2EA1F2990709817
PID: 916 ( 724) C:\WINDOWS\system32\Ati2evxx.exe
size: 405504
MD5: B1C9B1A2EDD766FABFAEF059CB5D5A6E
PID: 928 ( 724) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 34C8D42B876703B3ABF0562307428561
PID: 1028 ( 724) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 34C8D42B876703B3ABF0562307428561
PID: 1120 ( 724) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 34C8D42B876703B3ABF0562307428561
PID: 1160 ( 724) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 34C8D42B876703B3ABF0562307428561
PID: 1280 ( 724) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 34C8D42B876703B3ABF0562307428561
PID: 1440 ( 668) C:\WINDOWS\system32\Ati2evxx.exe
size: 405504
MD5: B1C9B1A2EDD766FABFAEF059CB5D5A6E
PID: 1536 (1476) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 0F88A5B1CA666754C4C62AD3DB4730EF
PID: 1552 ( 724) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 34C8D42B876703B3ABF0562307428561
PID: 1692 ( 724) c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
size: 235120
MD5: 5A52226597742A12D8A424E5FB9BB69A
PID: 1752 ( 724) c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 181872
MD5: D6BDC0F32DC8C58567E9447629FA5178
PID: 1852 ( 724) c:\Program Files\Norton Internet Security\ISSVC.exe
size: 83584
MD5: 64BC5239264896C8D8FCE558CFBA029B
PID: 1884 ( 724) c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
size: 177296
MD5: E742616A7109421EB50158E09EF30102
PID: 1936 ( 724) c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
size: 206552
MD5: 443E397643965E08C5AB6A6CAA732B97
PID: 164 ( 724) c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
size: 173160
MD5: 08FA56B7C13B4CBF0E5D351AECAD92B1
PID: 220 ( 724) c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 198256
MD5: 45437F13E9A1E4E192C73ACB290471FC
PID: 864 ( 724) C:\WINDOWS\system32\brsvc01a.exe
size: 57344
MD5: D3FACB34FFF5DB91ADB70987838F8BA7
PID: 1336 ( 864) C:\WINDOWS\system32\brss01a.exe
size: 45056
MD5: 9E646CD378D4D0C996BAF9BCB18237C7
PID: 1308 ( 724) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1416 ( 724) c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
size: 109344
MD5: 995D0B52870C7A5CAF3EA165FD674A35
PID: 2004 ( 724) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 53248
MD5: 9BD7ADD61B031307DD075E5E6A917C4D
PID: 176 ( 724) C:\WINDOWS\system32\HPZipm12.exe
size: 69632
MD5: D31F88C5F19EEFA366A415D6BC5F2ABC
PID: 432 ( 724) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 34C8D42B876703B3ABF0562307428561
PID: 560 ( 724) c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
size: 316544
MD5: 67C5AF84809468061121FBCBECB19285
PID: 2452 ( 724) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 68276E67DA0274CA30DB2FC0E42C38C5
PID: 3056 (1536) C:\WINDOWS\AGRSMMSG.exe
size: 88363
MD5: E7BE65BF79906AEBC698E077D53F6A1C
PID: 3276 (1536) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58992
MD5: 0882D504779B0CF087009AD405E0EB83
PID: 3308 (1536) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: 71EAC25AAFEA6BDDCBE5D09A2F218305
PID: 3408 (1536) C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 8778072A594E1310C0B7D0A93771E8BD
PID: 3472 (1536) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
size: 45056
MD5: 64C4C17BF6A40FF1CD21205E6FD415B8
PID: 3484 ( 724) C:\Program Files\iPod\bin\iPodService.exe
size: 323584
MD5: 962BC769D1008D83F6A00B9DE887EEF4
PID: 3504 (1536) C:\HP\KBD\KBD.EXE
size: 61440
MD5: C81BE1B951C36E97D3DA90DA745DA5F7
PID: 3544 (1536) C:\Program Files\QuickTime\qttask.exe
size: 155648
MD5: C74C7963EEC07AF49DCE44D64819B2BF
PID: 3632 (1536) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97
PID: 3664 (1536) C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
size: 488984
MD5: 022DB38BECB5A44DA6F7E27923457624
PID: 3856 (1536) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: 71EAC25AAFEA6BDDCBE5D09A2F218305
PID: 3920 (1536) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: E8E7CE0D379630E7B0015E48FA90499B
PID: 360 (1536) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 258048
MD5: C519CEC624CF9BCBA3059F32266C8FFF
PID: 572 (1536) C:\Program Files\WinZip\WZQKPICK.EXE
size: 122880
MD5: 6613E98493EC4A94395955B17F836CF9
PID: 2780 ( 928) C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
size: 252704
MD5: AD7503D6857DBFFC7E5F2E96BC9CC283
PID: 984 ( 928) C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
size: 230936
MD5: 4F97F4BE05F1DBF89E493ED85EC1013B
PID: 448 (3472) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
size: 45056
MD5: 64C4C17BF6A40FF1CD21205E6FD415B8
PID: 2296 (1536) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 16.7.2008 20:42:11
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.fsnordic.net/discussion/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\ms
Problems with the computer
Apua kaipaava