Help, there's a keylogger on my computer!

Discussion in 'Viruses and malware - HijackThis logs' started by Anon999, Oct 27, 2007.

  1. Anon999

    Anon999 Regular member

    Joined:
    Jun 24, 2007
    Messages:
    112
    Likes Received:
    0
    Trophy Points:
    26
    I ran a scan with HijackThis and analysed it on its home page, and it shows that Blazing Tools Perfect Keylogger has got onto the machine and should be removed manually. How? Could someone help soon?

    And here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:01:47, on 27.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\bpk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\hjt\scanner.exe.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO:  - {371C6960-302C-45D0-9504-50B820247439} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{60E40012-CB1F-4990-B58C-2CA450191F75}: NameServer = 192.168.0.254
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  2. Hujo

    Hujo Guest

    Scan with HJT, tick these entries and press Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe

    =====================

    eScan
    The instructions are on this page:
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    Download it from here:
    http://www.spywareinfo.dk/download/mwav.exe
    Update it from here:
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    Tick the boxes as marked here:
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    Scan.

    If anything shows up in the lower pane, copy it like this:
    Select everything with Ctrl+A.
    Copy the lines with Ctrl+C.
    Paste the lines with Ctrl+V.

    Post the virus log here.

    ================

    Download Atribune's ATF Cleaner.

    Instructions:

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click Empty Selected.
    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click Empty Selected.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click Empty Selected again.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available if you double-click the e-mail address found at the bottom of each menu in the tool. (Note that the support is in English.)
     
    Last edited by a moderator: Oct 27, 2007
  3. Anon999

    File C:\WINDOWS\system32\bpk.exe tagged as not-a-virus:Monitor.Win32.Perflogger.ad. No Action Taken.
    File C:\WINDOWS\system32\bpkhk.dll tagged as not-a-virus:Monitor.Win32.Perflogger.163. No Action Taken.
    File C:\WINDOWS\system32\bpkr.exe tagged as not-a-virus:Monitor.Win32.Perflogger.bx. No Action Taken.
    File C:\WINDOWS\system32\rinst.exe tagged as not-a-virus:Monitor.Win32.Perflogger.bx. No Action Taken.
    File C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\ASENNUSOHJELMAT\mirc621.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
    File C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
    File C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\VDownloader\VDownloader.exe tagged as not-a-virus:Downloader.Win32.VDown.a. No Action Taken.
    File C:\WINDOWS\system32\28463\AKV.exe tagged as not-a-virus:Monitor.Win32.Ardamax.r. No Action Taken.
    File C:\WINDOWS\system32\28463\JIRW.006 tagged as not-a-virus:Monitor.Win32.Ardamax.r. No Action Taken.
    File C:\WINDOWS\system32\28463\JIRW.007 tagged as not-a-virus:Monitor.Win32.Ardamax.o. No Action Taken.
    File C:\WINDOWS\system32\28463\JIRW.exe tagged as not-a-virus:Monitor.Win32.Ardamax.o. No Action Taken.
    File C:\WINDOWS\system32\28463\QMYF.006 tagged as not-a-virus:Monitor.Win32.Ardamax.271. No Action Taken.
    File C:\WINDOWS\system32\28463\QMYF.007 tagged as not-a-virus:Monitor.Win32.Ardamax.271. No Action Taken.
    File C:\WINDOWS\system32\28463\QMYF.exe infected by "Trojan-Spy.Win32.Ardamax.e" Virus. Action Taken: File Deleted.
    File C:\WINDOWS\system32\bpk.exe tagged as not-a-virus:Monitor.Win32.Perflogger.ad. No Action Taken.
    File C:\WINDOWS\system32\bpkhk.dll tagged as not-a-virus:Monitor.Win32.Perflogger.163. No Action Taken.
    File C:\WINDOWS\system32\bpkr.exe tagged as not-a-virus:Monitor.Win32.Perflogger.bx. No Action Taken.
    File C:\WINDOWS\system32\rinst.exe tagged as not-a-virus:Monitor.Win32.Perflogger.bx. No Action Taken.
     
  4. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    Download Killbox from Option^Explicit.

    Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.

    Save it to your desktop.
    Double-click Killbox.exe to run the program.
    Select: Delete on Reboot
    Then click the All Files option.
    Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\bpk.exe
    C:\WINDOWS\system32\bpkhk.dll
    C:\WINDOWS\system32\bpkr.exe
    C:\WINDOWS\system32\rinst.exe


    Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    Click the red-and-white Delete File button.
    Click Yes at the "Delete on Reboot" prompt.
    Click OK at any PendingFileRenameOperations prompt (and let the person helping you know if one appears!).
    Restart your computer yourself if it does not restart automatically.

    If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.


    Check your computer with F-Secure's online scanner

    Note: the scanner works only with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Set the options as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the necessary files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report in your thread
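
An added example, not part of the thread or any poster's own code: it parses scanner lines in the format quoted in post 3, then checks which monitoring-class detections are still on disk after the four-file removal list in the post above. The function names, the `MONITOR_CATEGORIES` set and the reading of the label prefixes as categories are assumptions made for this illustration.

```python
import ntpath
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample: a subset of the scanner lines quoted in post 3,
# including the bpk.exe line that the log printed twice.
SAMPLE_LOG = r"""
File C:\WINDOWS\system32\bpk.exe tagged as not-a-virus:Monitor.Win32.Perflogger.ad. No Action Taken.
File C:\WINDOWS\system32\bpkhk.dll tagged as not-a-virus:Monitor.Win32.Perflogger.163. No Action Taken.
File C:\WINDOWS\system32\bpkr.exe tagged as not-a-virus:Monitor.Win32.Perflogger.bx. No Action Taken.
File C:\WINDOWS\system32\rinst.exe tagged as not-a-virus:Monitor.Win32.Perflogger.bx. No Action Taken.
File C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File C:\WINDOWS\system32\28463\AKV.exe tagged as not-a-virus:Monitor.Win32.Ardamax.r. No Action Taken.
File C:\WINDOWS\system32\28463\JIRW.exe tagged as not-a-virus:Monitor.Win32.Ardamax.o. No Action Taken.
File C:\WINDOWS\system32\28463\QMYF.exe infected by "Trojan-Spy.Win32.Ardamax.e" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\bpk.exe tagged as not-a-virus:Monitor.Win32.Perflogger.ad. No Action Taken.
"""

# The removal list given in the post above.
KILLBOX_LIST = [
    r"C:\WINDOWS\system32\bpk.exe",
    r"C:\WINDOWS\system32\bpkhk.dll",
    r"C:\WINDOWS\system32\bpkr.exe",
    r"C:\WINDOWS\system32\rinst.exe",
]

# Assumption: these label prefixes mark keystroke/activity monitoring software.
MONITOR_CATEGORIES = {"Monitor", "Trojan-Spy"}

# Two line shapes appear in the log: "tagged as <label>. <action>." and
# 'infected by "<label>" Virus. Action Taken: <action>.'
LINE_RE = re.compile(
    r'^File (?P<path>.+?) (?:'
    r'tagged as (?P<tag>\S+)\. (?P<tag_action>[^.]+)'
    r'|infected by "(?P<inf>[^"]+)" Virus\. Action Taken: (?P<inf_action>[^.]+)'
    r')\.$'
)


class Detection(NamedTuple):
    path: str
    category: str
    family: str
    action: str


def split_label(label):
    """'not-a-virus:Monitor.Win32.Perflogger.ad' -> ('Monitor', 'Perflogger')."""
    name = label.split(":", 1)[-1]          # drop the 'not-a-virus:' prefix if present
    parts = name.split(".")
    family = parts[2] if len(parts) > 2 else name
    return parts[0], family


def parse_log(text):
    """Return one Detection per file; a repeated path keeps its latest action."""
    seen = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                        # blank, header or truncated line
        label = m.group("tag") or m.group("inf")
        action = m.group("tag_action") or m.group("inf_action")
        category, family = split_label(label)
        key = ntpath.normcase(m.group("path"))   # Windows paths are case-insensitive
        seen[key] = Detection(m.group("path"), category, family, action)
    return list(seen.values())


def still_present(detections, removal_list):
    """Monitoring-class files neither deleted by the scanner nor queued for
    removal, grouped by folder."""
    queued = {ntpath.normcase(p) for p in removal_list}
    left = defaultdict(list)
    for d in detections:
        if d.category not in MONITOR_CATEGORIES:
            continue                        # e.g. the mIRC client label
        if "Deleted" in d.action or ntpath.normcase(d.path) in queued:
            continue
        left[ntpath.dirname(d.path)].append(ntpath.basename(d.path))
    return {folder: sorted(names) for folder, names in left.items()}


if __name__ == "__main__":
    for folder, names in still_present(parse_log(SAMPLE_LOG), KILLBOX_LIST).items():
        print(folder, names)
```

Run against the sample, the only folder left with flagged monitoring files is `C:\WINDOWS\system32\28463`, the same folder the thread turns to in the following posts.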
     
  5. Anon999

    Now that I have removed those four, Sygate Personal Firewall's list shows a program called JIRW.exe, which I have blocked from accessing the internet. It is in the folder C:\WINDOWS\system32\28463\JIRW.exe. Is it some kind of virus? The 28463 folder also contains these files:
    AKV.exe
    JIRW.exe
    JIRW.001
    JIRW.002
    JIRW.005
    JIRW.006
    JIRW.007
    QMYF.001
    QMYF.002
    QMYF.006
    QMYF.007

    I haven't done the F-Secure scan yet.

     
  6. tomato71

    Delete the folder C:\WINDOWS\system32\28463
     
  7. Anon999

    Scanning Report
    Saturday, November 17, 2007 12:34:33 - 21:19:42
    Computer name: TAKALO
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ D:\


    --------------------------------------------------------------------------------

    Result: 7 malware found
    Malware.XGQ (virus)
    C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\aawsepersonal.exe
    Possible Browser Hijack attempt (spyware)
    System
    Tracking Cookie (spyware)
    System (Disinfected)
    Trojan-Downloader.Win32.VB.bsa (virus)
    C:\WINDOWS\Fonts\a.zip\Setup.exe
    C:\WINDOWS\Fonts\Setup.exe
    C:\WINDOWS\Fonts\svchost.exe
    W32/DLoader.DWRL (virus)
    C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Cheat Engine\systemcallsignal.exe

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 374437
    System: 5192
    Not scanned: 60
    Actions:
    Disinfected: 1
    Renamed: 0
    Deleted: 0
    None: 6
    Submitted: 0
    Files not scanned:

    --------------------------------------------------------------------------------

    Options
    Scanning engines:
    F-Secure AVP: 7.0.171, 2007-11-16
    F-Secure Blacklight: 1.0.64
    F-Secure Draco: 1.0.35, 0603-150-72
    F-Secure Libra: 2.4.2, 2007-11-15
    F-Secure Orion: 1.2.37, 2007-11-16
    F-Secure Pegasus: 1.19.0, 2007-10-15
    Scanning options:
    Scan all files
    Scan inside archives
    Use Advanced heuristics

    --------------------------------------------------------------------------------

     
  8. tomato71

    You've picked up more nasties :(

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode and choose your normal user account:
    * Start the computer
    * When you hear the computer beep, press F8, but before the Windows logo appears
    * A menu should appear next
    * Choose Safe Mode from the menu.

    * Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder). sdfix.exe appears on the desktop. Double-click it; the file unpacks and installs itself onto the drive where the operating system is installed, and a folder named SDFix appears in the root, E.G. c:\SDFix
    * Open the SDFix folder and double-click RunThis.bat to start the program.
    * Press Y to start the script.
    * The tool cleans out the trojan's services and also makes some repairs to the registry. At the end it asks you to restart the computer, "Press any key to Reboot".
    * Press any key and the computer restarts.
    * Start-up takes longer than normal because SDFix is cleaning the machine.
    * When the computer has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
    * Then press any key to close the script and load the shortcuts onto the desktop.
    * Finally, open the SDFix folder (on the desktop) and copy and paste the contents of Report.txt into your thread together with a new HijackThis log.


    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    2. Double-click combofix.exe and follow the instructions.
    3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    Post the SDFix log + the ComboFix log and a new HJT log
     
  9. Anon999

    Both of those ComboFixes say they are out of date and will not run a scan. By the way, is there any program that would scan all the open ports on the computer? I opened a couple of them and no longer remember which ones they were.
     
  10. tomato71

    Yep...
    The ComboFix developer has added some new tweaks to it...
    It should be fixed today, 21.11. Before you download the new one, the old ones must be removed from the computer.
    If it still doesn't work, then try this...

    Download Deckard's System Scanner to your desktop.

    Note: You must have administrator rights to run the program.

    • Close all open windows and programs.
    • Double-click Dss.exe to run the program and follow the instructions.
    • When the scan is finished, 2 text files should open, Main.txt and extra.txt
    • Select all and copy ( CTRL+A -> CTRL + C ) and paste ( CTRL + V )
    • Copy and paste the contents of Extra.txt & Main.txt into your next reply
     
  11. Anon999

    Here they are. Oh, and do you know of any good port scanner? I have tried to look for one by googling but haven't found one.

    Main:

    Deckard's System Scanner v20071014.68
    Run by Juhani on 2007-11-24 11:05:38
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 3 Restore Point(s) --
    3: 2007-11-23 18:09:59 UTC - RP3 - Deckard's System Scanner Restore Point
    2: 2007-11-23 16:07:23 UTC - RP2 - Järjestelmän tarkistuspiste
    1: 2007-11-20 17:05:41 UTC - RP1 - Järjestelmän tarkistuspiste


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Juhani.exe) ----------------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-11-24 11:09:07
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\backWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FSMA32.exe
    C:\Program Files\F-Secure\Common\FSMB32.exe
    C:\Program Files\F-Secure\Common\fch32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\F-Secure\Common\FSM32.exe
    C:\Program Files\F-Secure\Common\FAMEH32.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\F-Secure\Common\FNRB32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FIH32.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Juhani\Työpöytä\dss.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://www4.sonera.fi (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{60E40012-CB1F-4990-B58C-2CA450191F75}: NameServer = 192.168.0.254
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O23 - Service: AQ - Unknown owner - C:\DOCUME~1\Juhani\LOCALS~1\Temp\AQ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.exe
    O23 - Service: FDOJOWCVQLE - Unknown owner - C:\DOCUME~1\Juhani\LOCALS~1\Temp\FDOJOWCVQLE.exe
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\fsaa.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NHBAKB - Unknown owner - C:\DOCUME~1\Juhani\LOCALS~1\Temp\NHBAKB.exe
    O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe


    --
    End of file - 11976 bytes

    -- HijackThis Fixed Entries (C:\hjt\backups\) ----------------------------------

    backup-20070624-121109-321 O4 - HKLM\..\Run: [Ref Book Noun Logo] C:\Documents and Settings\All Users\Application Data\2jugsrefbook\BoltIntra.exe
    backup-20070624-121109-350 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/HistorySwatterFWBInitialSetup1.0.0.15.cab
    backup-20070624-121109-481 O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
    backup-20070624-121109-485 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    backup-20070624-121109-505 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    backup-20070624-121109-573 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20070624-121109-799 O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
    backup-20070624-121109-810 O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
    backup-20070624-121109-845 O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    backup-20070624-130505-692 O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)
    backup-20070624-130505-703 O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
    backup-20070624-130505-861 O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
    backup-20070701-145144-696 O4 - HKCU\..\Run: [first camp] C:\DOCUME~1\Juhani\APPLIC~1\DRIVEC~1\Bash Gram.exe
    backup-20070702-213505-785 O23 - Service: NHBAKB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\NHBAKB.exe
    backup-20070702-213505-786 O23 - Service: FDOJOWCVQLE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Juhani\LOCALS~1\Temp\FDOJOWCVQLE.exe
    backup-20070702-213505-931 O23 - Service: AQ - Unknown owner - C:\DOCUME~1\Juhani\LOCALS~1\Temp\AQ.exe (file missing)
    backup-20070831-150741-579 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    backup-20070920-133402-892 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20071003-195157-139 O2 - BHO:  - {371C6960-302C-45D0-9504-50B820247439} - (no file)
    backup-20071020-104633-957 O2 - BHO:  - {371C6960-302C-45D0-9504-50B820247439} - (no file)
    backup-20071027-153740-192 O4 - HKLM\..\Run: [bpk] C:\WINDOWS\system32\bpk.exe
    backup-20071027-153740-462 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    backup-20071108-181918-742 O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    backup-20071114-203339-411 O2 - BHO:  - {371C6960-302C-45D0-9504-50B820247439} - (no file)

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
    R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
    R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
    R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
    R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure\anti-virus\win2k\fsfilter.sys
    R2 F-Secure Gatekeeper - c:\program files\f-secure\anti-virus\win2k\fsgk.sys
    R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure\anti-virus\win2k\fsrec.sys
    R2 FSpm (F-Secure Policy Manager) - c:\program files\f-secure\common\fspm.sys <Not Verified; F-Secure Corporation; F-Secure Management Agent>
    R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
    R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S3 catchme - c:\docume~1\juhani\locals~1\temp\catchme.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 BackWeb Client - 7681197 (F-Secure BackWeb) - c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe
    R2 F-Secure Gatekeeper Handler Starter - "c:\program files\f-secure\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corp.; F-Secure Corp. Startup service>
    R2 FSMA (F-Secure Management Agent) - "c:\program files\f-secure\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
    R3 F-Secure Network Request Broker - "c:\program files\f-secure\common\fnrb32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>

    S2 FSAA (F-Secure Authentication Agent) - "c:\program files\f-secure\common\fsaa.exe" <Not Verified; F-Secure Corporation. All Rights Reserved.; F-Secure Authentication Agent>
    S3 F-Secure BackWeb LAN Access - "c:\program files\f-secure\backweb\7681197\program\fsbwlan.exe"
    S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
    S4 AQ - c:\docume~1\juhani\locals~1\temp\aq.exe (file missing)
    S4 FDOJOWCVQLE - c:\docume~1\juhani\locals~1\temp\fdojowcvqle.exe (file missing)
    S4 NHBAKB - c:\docume~1\juhani\locals~1\temp\nhbakb.exe (file missing)
    S4 OOD2000 (O&O Defrag 2000) - "c:\windows\system32\ood2000.exe" <Not Verified; O&O Software GmbH; O&O Defrag 2000>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6085
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks -------------------------------------------------------------

    2007-11-23 17:15:00 442 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
    2007-11-21 20:14:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-10-24 and 2007-11-24 -----------------------------

    2007-11-20 19:09:07 0 d-------- C:\.jagex_cache_32
    2007-11-20 17:43:18 0 dr-h----- C:\Documents and Settings\Juhani\Recent
    2007-11-08 18:14:12 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
    2007-10-27 15:08:09 0 d-------- C:\WINDOWS\system32\dt
    2007-10-27 12:24:15 0 d-------- C:\Documents and Settings\Juhani\Application Data\Lavasoft
    2007-10-27 09:39:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia


    -- Find3M Report ---------------------------------------------------------------

    2007-11-23 21:07:25 12 --a------ C:\WINDOWS\bthservsdp.dat
    2007-11-20 17:44:31 0 d-------- C:\Documents and Settings\Juhani\Application Data\uTorrent
    2007-11-20 15:00:21 0 d-------- C:\Program Files\EurowordPro
    2007-11-20 14:57:09 0 d-------- C:\Program Files\Windows Live Safety Center
    2007-11-18 14:36:28 0 d-------- C:\Program Files\Yahoo!
    2007-11-17 17:29:56 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-11-17 17:26:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-17 13:13:08 0 d-------- C:\Documents and Settings\Juhani\Application Data\AvaFind Data
    2007-11-05 15:56:43 0 d-------- C:\Documents and Settings\Juhani\Application Data\AdobeUM
    2007-11-05 15:48:48 0 d-------- C:\Program Files\Google
    2007-10-27 16:27:00 0 d-------- C:\Program Files\F-Secure
    2007-10-06 19:42:13 0 d-------- C:\Documents and Settings\Juhani\Application Data\vlc
    2007-10-02 18:19:54 0 d-------- C:\Documents and Settings\Juhani\Application Data\JAM Software
    2007-09-27 18:58:57 0 d-------- C:\Documents and Settings\Juhani\Application Data\Notepad++
    2007-09-27 18:31:10 0 d-------- C:\Documents and Settings\Juhani\Application Data\Indentix
    2007-09-27 18:27:13 0 d-------- C:\Documents and Settings\Juhani\Application Data\Locktime
    2007-09-24 19:54:09 0 d-------- C:\Program Files\PDFCreator
    2007-09-24 19:53:44 0 d-------- C:\Program Files\Microsoft Works <MICROS~1>
    2007-09-24 19:42:16 0 d-------- C:\Documents and Settings\Juhani\Application Data\TuneUp Software
    2007-09-01 13:44:05 73216 -----n--- C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [04.03.2005 11:01 C:\WINDOWS\AGRSMMSG.exe]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [05.12.2002 16:24]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [08.05.2003 10:00]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [15.09.2004 01:12 C:\WINDOWS\system32\bthprops.cpl]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [15.10.2004 19:40]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [16.02.2007 10:54]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 01:12]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [13.09.2007 20:36]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [27.05.2007 16:30]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone -pikakäynnistys.lnk]
    backup=C:\WINDOWS\pss\HP Image Zone -pikakäynnistys.lnkCommon Startup
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Image Zone -pikakäynnistys.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvaFind]
    "C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ava Find\AvaFind.exe" /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
    "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
    C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "OOD2000"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2007-11-24 11:14:17 ------------







    Extra:

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

    CPU 0: AMD Sempron(tm) 3000+
    Percentage of Memory in Use: 56%
    Physical Memory (total/avail): 511.48 MiB / 220.55 MiB
    Pagefile Memory (total/avail): 1250 MiB / 985.41 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1918.21 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 107.38 GiB total, 45.32 GiB free.
    D: is Fixed (FAT32) - 4.42 GiB total, 0.92 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - SAMSUNG SP1203N - 111.81 GiB - 2 partitions
    \PARTITION0 - Unknown - 4.43 GiB - D:
    \PARTITION1 (bootable) - Asennettava tiedostojärjestelmä - 107.38 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
    AV: F-Secure Anti-Virus 5.43 v5.43 (F-Secure Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Juhani\\Työpöytä\\µTorrent.exe"="C:\\Documents and Settings\\Juhani\\Työpöytä\\µTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
    "C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\TightVNC\\WinVNC.exe"="C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\TightVNC\\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
    "C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\webcamXP\\webcamXP.exe"="C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\webcamXP\\webcamXP.exe:*:Enabled:webcamXP 2007"
    "C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\TightVNC\\vncviewer.exe"="C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\TightVNC\\vncviewer.exe:*:Enabled:vncviewer"
    "C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\Wysigot\\Wysigot.exe"="C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\Wysigot\\Wysigot.exe:*:Enabled:Wysigot Web Browser"
    "C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\backWeb-7681197.exe"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\backWeb-7681197.exe:*:Enabled:backWeb-7681197"
    "C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\mIRC\\mirc.exe"="C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Kaspersky\\kavupd.exe"="C:\\Kaspersky\\kavupd.exe:*:Enabled:kavupd"
    "C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\hfs.exe"="C:\\Documents and Settings\\Juhani\\Omat tiedostot\\Ohjelmat\\hfs.exe:*:Enabled:hfs"
    "C:\\Documents and Settings\\Juhani\\Työpöytä\\hfs.exe"="C:\\Documents and Settings\\Juhani\\Työpöytä\\hfs.exe:*:Enabled:hfs"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Juhani\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=TAKALO
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Juhani
    LOGONSERVER=\\TAKALO
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0a00
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Juhani\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Juhani\LOCALS~1\Temp
    USERDOMAIN=TAKALO
    USERNAME=Juhani
    USERPROFILE=C:\Documents and Settings\Juhani
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    HP_Omistaja (admin)
    Lapset
    Juhani (admin)
    hallinta (admin)
    Vieras (guest)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
    --> C:\WINDOWS\BWUnin-6.1.4.58-7681197L.exe -AppId 7681197
    --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0xb -uninst
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Agere Systems PCI Soft Modem --> agrsmdel
    Any Video Converter 1.3.3 --> "C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Any Video Converter\unins000.exe"
    Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
    ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    Audacity 1.2.6 --> "C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Audacity\unins000.exe"
    Barbie(TM) ja Pegasoksen taika --> C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\PegasusUnFI.exe
    Barbie(TM) Joutsenlampi --> C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\SwanLakeUn.exe
    Canon MP Navigator 2.0 --> "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
    Canon MP150 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x0009
    Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
    Cartes du Ciel --> "C:\Program Files\Ciel\Uninstall.exe" "C:\Program Files\Ciel\install.log"
    CCleaner (remove only) --> "C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\CCleaner\uninst.exe"
    CD-ROM Lauri Luuranko --> C:\WINDOWS\Unin040b.exe -r"Helsinki Media\CD-ROM Lauri Luuranko\1.00.0001" -n"CD-ROM Lauri Luuranko" -fC:\OHJELM~1\HELSIN~1\CD-ROM~1\DeIsL1.isu -cC:\OHJELM~1\HELSIN~1\CD-ROM~1\uninst.dll
    Cheat Engine 5.3 --> "C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Cheat Engine\unins000.exe"
    Chromadrome 1.10 --> "C:\Program Files\Chromadrome\unins000.exe"
    Colin McRae Rally 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC67770B-581D-4E96-B72A-A7907CE18725}\setup.exe" -l0x9
    Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
    Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
    Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
    Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
    Euroword Pro --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\EurowordPro\ST6UNST.LOG"
    F-Secure Anti-Virus --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
    F-Secure BackWeb --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure BackWeb"
    F-Secure Management Agent --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
    foobar2000 v0.9.4.4 --> "C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Foobar v0.9.4.4.\uninstall.exe"
    GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
    Harjoituskirja englanti 3 - Verkkoasennus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35A9CBB8-A453-470E-A84D-7D00C4E92228}\setup.exe" -l0xb
    Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
    HijackThis 1.99.1 --> C:\hjt\HijackThis.exe /uninstall
    HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
    HP Digital Photo Advisor --> MsiExec.exe /X{A157DF9D-462F-4BF9-8C5E-3854BC9CC08F}
    HP Image Zone 4.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
    HP Photosmart -kamerat 4.5 --> C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
    HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
    Index.dat Analyzer v2.0 --> "C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Index.dat Analyzer\unins000.exe"
    InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
    InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
    InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    KnightsAndMerchants --> C:\WINDOWS\uninst.exe -fC:\KnightsAndMerchants\DeIsL1.isu -cC:\KnightsAndMerchants\_ISREG32.DLL
    LimeWire PRO 4.12.3 --> "C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\LimeWire\uninstall.exe"
    Lock On: Modern Air Combat --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}\setup.exe" -l0x9
    Logitech Gaming Software --> MsiExec.exe /X{FAAA508A-05C0-488B-BFC2-F9217E545A81}
    Magic DVD Ripper V5.0.1 --> "C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\MagicDVDRipper\unins000.exe"
    Max Payne --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39930321-4C58-4B8B-BCBF-342698C9801D}\setup.exe" uninstall uninstall
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{0001040B-78E1-11D2-B60F-006097C998E7}
    Microsoft Office XP Standard opiskelijoille ja opettajille --> MsiExec.exe /I{913D040B-6000-11D3-8CFE-0050048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Word 2002 --> MsiExec.exe /I{911B040B-6000-11D3-8CFE-0050048383C9}
    Microsoft Works 7.0 --> MsiExec.exe /I{323F6CCF-BBBA-41FB-AF39-62C4FE717CA4}
    mIRC --> "C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\mIRC\mirc.exe" -uninstall
    Mozilla Firefox (2.0.0.4) --> C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Firefox\uninstall\helper.exe
    Mp3tag v2.38 --> C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Mp3tag\Mp3tagUninstall.EXE
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
    Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fin_web.exe /LANG="1035"
    Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
    O&O Defrag 2000 Freeware Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86E5246-AA7E-11D4-88C9-00105ADBE398}\Setup.exe"
    OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
    Oppikirja englanti - Verkkoasennus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FCFB0C4-7451-4DC0-B676-611E47F20772}\setup.exe" -l0xb
    PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
    PDFCreator 0.7.1} --> C:\Program Files\PDFCreator\unins000.exe
    Programming Editor --> MsiExec.exe /X{D8FFCFC6-682E-48F5-89C7-0451341506F2}
    Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
    Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
    Sanakirjan puhesyntetisaattori --> MsiExec.exe /I{2C02CB68-46DA-42D1-B47D-094B578E8F7C}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R
    Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    Spider-Man 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2F7655DD-793E-40C6-B348-DE67C109F6FF}
    SuperStaraoke Demo 1.00 --> "C:\Program Files\SuperStaraoke Demo\unins000.exe"
    Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
    The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
    Turbo Sliders (remove only) --> "C:\Program Files\Jollygood Games\Turbo Sliders\uninstall.exe"
    VideoLAN VLC media player 0.8.6c --> C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\VLC\uninstall.exe
    Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
    Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
    Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windowsin ohjainpaketti - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
    WinHTTrack Website Copier 3.41-3 --> "C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\WinHTTrack\unins000.exe"
    Worms2 --> C:\WINDOWS\IsUninst.exe -fC:\Team17\Worms2\Uninst.isu


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type10878 / Error
    Event Submitted/Written: 11/24/2007 11:08:16 AM
    Event ID/Source: 8 / crypt32
    Event Description:
    Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ei voi päivittää automaattisesti. Virhe: Verkkoyhteyttä ei ole.

    Event Record #/Type10877 / Error
    Event Submitted/Written: 11/24/2007 11:08:16 AM
    Event ID/Source: 8 / crypt32
    Event Description:
    Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ei voi päivittää automaattisesti. Virhe: Verkkoyhteyttä ei ole.

    Event Record #/Type10876 / Error
    Event Submitted/Written: 11/24/2007 11:08:00 AM
    Event ID/Source: 8 / crypt32
    Event Description:
    Kolmannen osapuolen pääluettelojärjestyksen noutamista kohteesta <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ei voi päivittää automaattisesti. Virhe: Toiminto palautui aikakatkaisun johdosta.

    Event Record #/Type10874 / Warning
    Event Submitted/Written: 11/24/2007 11:04:40 AM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Tuotteen {913D040B-6000-11D3-8CFE-0050048383C9} toiminnon InternationalSupportFiles_JPN tunnistaminen epäonnistui pyydettäessä komponenttia {D4C8BFFA-BF6F-11D1-843A-0000F807F120}

    Event Record #/Type10866 / Success
    Event Submitted/Written: 11/23/2007 08:14:04 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type112934 / Error
    Event Submitted/Written: 11/20/2007 03:26:25 PM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM vastaanotti virheen "%%1084" yrittäessään käynnistää palvelun StiSvc argumenteilla ""
    suorittaakseen palvelinosan:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Event Record #/Type112933 / Error
    Event Submitted/Written: 11/20/2007 03:26:18 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    Seuraava käynnistys- tai järjestelmäkäynnistysohjain ei latautunut:
    AFD
    AmdK7
    Fips
    IPSec
    MRxSmb
    NetBIOS
    NetBT
    NPPTNT2
    prodrv06
    RasAcd
    Rdbss
    Tcpip
    wpsdrvnt

    Event Record #/Type112932 / Error
    Event Submitted/Written: 11/20/2007 03:26:18 PM
    Event ID/Source: 7001 / Service Control Manager
    Event Description:
    Palvelu IPSEC-palvelut on riippuvainen palvelusta IPSEC-ohjain, jonka käynnistyminen epäonnistui virheen vuoksi:
    %%31

    Event Record #/Type112931 / Error
    Event Submitted/Written: 11/20/2007 03:26:18 PM
    Event ID/Source: 7001 / Service Control Manager
    Event Description:
    Palvelu TCP/IP NetBIOS Helper on riippuvainen palvelusta AFD Networking Support -ympäristö, jonka käynnistyminen epäonnistui virheen vuoksi:
    %%31

    Event Record #/Type112930 / Error
    Event Submitted/Written: 11/20/2007 03:26:18 PM
    Event ID/Source: 7001 / Service Control Manager
    Event Description:
    Palvelu DNS-asiakas on riippuvainen palvelusta TCP/IP-protokollaohjain, jonka käynnistyminen epäonnistui virheen vuoksi:
    %%31



    -- End of Deckard's System Scanner: finished at 2007-11-24 11:14:17 ------------
     
    Last edited: Nov 24, 2007
  12. tomato71

    tomato71 Regular member

    Well then.....
    plenty of nasties here... :(

    Download CCleaner here
    *During installation, untick the "install Yahoo! toolbar" option.
    *After installation, open CCleaner.
    *Select Options from the column on the left.
    *Select Settings from the adjacent column.
    *Under Language, select Suomi.
    Cleaner (Puhdistaja)
    *Select Puhdistaja from the column on the left.
    *Press Tutki (Analyze) at the bottom.
    CCleaner now analyzes what can be removed (temp files, cookies, etc.).
    *When the analysis has finished, press Aja CCleaner (Run CCleaner).
    CCleaner now removes the temp files, cookies, etc. that it found.
    Fixing registry errors
    *Select Virheet (Issues) from the column on the left.
    *Press Etsi rekisterin virheitä (Scan for registry issues) at the bottom.
    *When the scan has finished and you are sure you want to fix the entries that are ticked, press Korjaa valitut rekisterin virheet (Fix selected registry issues).
    *You will be asked "haluatko varmuuskopioida muutokset rekisteriin" (do you want to back up the changes to the registry); press Kyllä (Yes). Save the backup to, for example, the "Omat tiedostot" (My Documents) folder.
    *In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected issues).
    *You will get one more confirmation prompt; press Ok.
    *When the issues have been fixed, press Sulje (Close).
    *You can now close CCleaner by clicking the red X at the top right.


    and then...

    Save the text below in Notepad as delfd.bat on the desktop (save as type: all files, *.*):

    Code:
    @ECHO OFF
    sc stop FDOJOWCVQLE
    sc delete FDOJOWCVQLE
    sc stop AQ
    sc delete AQ
    sc stop NHBAKB
    sc delete NHBAKB

    Double-click delfd.bat; a command window will flash briefly, which is normal.


    and then, ComboFix has now been fixed, so delete the old copies and download the new one,
    run a scan and post the log plus a new HJT log
     
  13. Anon999

    Anon999 Regular member

    I have been running CCleaner regularly. What is HJT scanning when the title bar shows "015 - Trusted Zone enumeration.."? That scan always takes a really long time and the computer can't be used while it runs. And here are the logs:

    Combofix:

    ComboFix 07-11-19.3 - Juhani 2007-11-24 14:22:29.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.151 [GMT 2:00]
    Running from: C:\Documents and Settings\Juhani\Työpöytä\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\FTPx.dll
    C:\WINDOWS\system32\MabryObj.dll
    D:\Autorun.inf

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-24 to 2007-11-24 )))))))))))))))))
    .

    2007-11-23 20:09 <KANSIO> d-------- C:\Deckard
    2007-11-08 18:14 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-10-27 15:08 <KANSIO> d-------- C:\WINDOWS\system32\dt
    2007-10-27 12:24 <KANSIO> d-------- C:\Documents and Settings\Juhani\Application Data\Lavasoft
    2007-10-26 15:25 <KANSIO> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\PDFcreator

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-21 17:12 249,856 ------w C:\WINDOWS\Setup1.exe
    2007-11-20 15:44 --------- d-----w C:\Documents and Settings\Juhani\Application Data\uTorrent
    2007-11-20 13:00 --------- d-----w C:\Program Files\EurowordPro
    2007-11-20 12:57 --------- d-----w C:\Program Files\Windows Live Safety Center
    2007-11-18 12:36 --------- d-----w C:\Program Files\Yahoo!
    2007-11-17 15:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-17 15:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-17 11:13 --------- d-----w C:\Documents and Settings\Juhani\Application Data\AvaFind Data
    2007-11-05 13:56 --------- d-----w C:\Documents and Settings\Juhani\Application Data\AdobeUM
    2007-11-05 13:48 --------- d-----w C:\Program Files\Google
    2007-10-30 07:23 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AdobeUM
    2007-10-27 14:27 --------- d-----w C:\Program Files\F-Secure
    2007-10-25 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-06 17:42 --------- d-----w C:\Documents and Settings\Juhani\Application Data\vlc
    2007-10-02 16:19 --------- d-----w C:\Documents and Settings\Juhani\Application Data\JAM Software
    2007-09-27 16:58 --------- d-----w C:\Documents and Settings\Juhani\Application Data\Notepad++
    2007-09-27 16:31 --------- d-----w C:\Documents and Settings\Juhani\Application Data\Indentix
    2007-09-27 16:27 --------- d-----w C:\Documents and Settings\Juhani\Application Data\Locktime
    2007-09-27 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Locktime
    2007-09-24 17:54 --------- d-----w C:\Program Files\PDFCreator
    2007-09-24 17:53 --------- d-----w C:\Program Files\Microsoft Works
    2007-09-24 17:42 --------- d-----w C:\Documents and Settings\Juhani\Application Data\TuneUp Software
    2007-09-01 11:44 73,216 ------w C:\WINDOWS\ST6UNST.EXE
    2007-06-18 07:53 128,656 ----a-w C:\Documents and Settings\Juhani\Application Data\GDIPFONTCACHEV1.DAT
    2007-03-17 09:14 37,860,928 ----a-w C:\Program Files\iTunesSetup.exe
    2006-09-26 23:36 7,702,675 ----a-w C:\Program Files\PDFCreator-Setup-0_7_1.zip
    2005-03-29 13:18 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    2007-07-05 11:17 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-09-13 20:36]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 16:30]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-12-05 16:24]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 01:12 C:\WINDOWS\system32\bthprops.cpl]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-09-13 20:36]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone -pikakäynnistys.lnk]
    backup=C:\WINDOWS\pss\HP Image Zone -pikakäynnistys.lnkCommon Startup
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Image Zone -pikakäynnistys.lnk

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
    2004-01-01 18:57 159744 --a------ C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvaFind]
    C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\Ava Find\AvaFind.exe /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-16 23:11 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-03-14 19:05 257088 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
    C:\Program Files\Creative\MediaSource5\MtdAcqu.exe /s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
    2004-01-01 18:57 159744 --a------ C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "OOD2000"=3 (0x3)

    R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
    R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
    R2 FSpm;F-Secure Policy Manager;\??\C:\Program Files\F-Secure\Common\FSPM.SYS
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
    S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2007-11-23 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\TuneUp\SystemOptimizer.exe
    "2007-11-21 18:14:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-24 14:28:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-24 14:32:25 - machine was rebooted
    .
    --- E O F ---







    Hjt:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:37:27, on 24.11.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\Explorer.EXE
    C:\hjt\scanner.exe.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Documents and Settings\Juhani\Omat tiedostot\Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15030/CTSUEng.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su/ocx/15030/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{60E40012-CB1F-4990-B58C-2CA450191F75}: NameServer = 192.168.0.254
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


     
  14. tomato71

    tomato71 Regular member

    Joined:
    Apr 30, 2006
    Messages:
    1,151
    Likes Received:
    0
    Trophy Points:
    46
    Yep, the logs are fairly OK :D
    A few files should still be checked..


    First make sure that hidden files are visible.

    Show hidden files

    Go --> here

    Once the page has loaded, click the Browse button, find the following file and press Submit. Note! Only one file at a time

    C:\WINDOWS\system32\vbzip10.dll
    C:\WINDOWS\system32\dt
    C:\WINDOWS\Setup1.exe


    Post the scan results in your next message.

    If Jotti is busy, try the same at VirusTotal: http://www.virustotal.com/flash/index_en.html


    and a final check...

    Scan your computer with the Kaspersky Online Scanner
    Use Internet Explorer
    You will be asked whether you allow the ActiveX component from Kaspersky to be installed; click Yes.
    • The program starts and begins downloading the latest definition files.
    • When the scanner has been installed and the definitions downloaded, click Next.
    • Now click the settings, Scan Settings
    • Check in the settings that the following are selected:

      o Scan using the following Anti-Virus database:

      + Extended (if available, otherwise select Standard)

      o Scan Options:

      + Scan Archives
      + Scan Mail Bases
    • Click OK
    • Now, under the heading "select a target to scan", select My Computer (Oma Tietokone)
    • The scan takes time, so be patient. When the scan is finished you will be notified if your computer is infected.
    • Now click the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste the contents of the file into your next reply.
     
