auttakaa tässä olis HJT logi.

Eli ongelmana on että ie puskee mainoksia vaikka käytössä on mozilla. Ja palomuurina on sygate mistä ie on estettyjen listalla. Olen tarkastanut koneesata virukset eikä mitään ole löytynyt. Nyt sit päätin ottaa HJT login ja tälläsen se anto ulos. Olisin todella kiitollinen jos joku osais auttaa.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:24, on 14.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\fswsclds.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
D:\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\fram\FreeRAM XP Pro 1.40.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\uTorrent\utorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zrtwfbzowtznpatpv.com//i...v_kNPpZrZD5Fep782e6y6naaWYE5ASsQ5if/JsugN.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\ativcoxxss.dll (file missing)
O2 - BHO: ChangerBHO Class - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINDOWS\system32\Audio3Dv.dll (file missing)
O2 - BHO: SpoofBHO Class - {385066e0-23f3-11db-a98b-0800200c9a66} - C:\WINDOWS\se_spoof.dll (file missing)
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll (file missing)
O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWS\inetloader.dll (file missing)
O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\system32\bridge.dll (file missing)
O2 - BHO: Clicker Class - {A97B5EF1-CA64-466F-AC40-F770ED52DB92} - C:\WINDOWS\system32\mscoriezz.dll (file missing)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{344A4~1\Bar888.dll (file missing)
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - E:\jokupaska\TorrentManager.dll (file missing)
O2 - BHO: TrustIn Bar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\Program Files\trustin bar\trustin.dll (file missing)
O2 - BHO: (no name) - {EEAC0446-143D-DE33-A4C5-B5E75FA71F41} - C:\DOCUME~1\Dille\APPLIC~1\KEEPCA~1\EachSign.exe (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O2 - BHO: ContextualAds Class - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - C:\Program Files\TrustIn Contextual\trustincontext.dll (file missing)
O3 - Toolbar: TrustIn Bar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\Program Files\trustin bar\trustin.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{344A4~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\system32\bridge.dll",Load
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [FreeRAM XP] "D:\fram\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{144A41CB-0647-1035-0427-040406230166}] "C:\Program Files\Common Files\{144A41CB-0647-1035-0427-040406230166}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{144A41CB-0647-1035-0427-040406230166}] "C:\Program Files\Common Files\{144A41CB-0647-1035-0427-040406230166}\Update.exe" mc-110-12-0002239 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Lataa FlashGetillä
- C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Lataa kaikki FlashGetillä
- C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130145242812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: ,wbsys.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 11133 bytes

 

scannaa hjt:llä merkkaa paina Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zrtwfbzowtznpatpv.com//im1FVK...sQ5if/JsugN.htm
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll (file missing)
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\ativcoxxss.dll (file missing)
O2 - BHO: ChangerBHO Class - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINDOWS\system32\Audio3Dv.dll (file missing)
O2 - BHO: SpoofBHO Class - {385066e0-23f3-11db-a98b-0800200c9a66} - C:\WINDOWS\se_spoof.dll (file missing)
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll (file missing)
O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWS\inetloader.dll (file missing)
O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\system32\bridge.dll (file missing)
O2 - BHO: Clicker Class - {A97B5EF1-CA64-466F-AC40-F770ED52DB92} - C:\WINDOWS\system32\mscoriezz.dll (file missing)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{344A4~1\Bar888.dll (file missing)
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - E:\jokupaska\TorrentManager.dll (file missing)
O2 - BHO: TrustIn Bar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\Program Files\trustin bar\trustin.dll (file missing)
O2 - BHO: (no name) - {EEAC0446-143D-DE33-A4C5-B5E75FA71F41} - C:\DOCUME~1\Dille\APPLIC~1\KEEPCA~1\EachSign.exe (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O2 - BHO: ContextualAds Class - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - C:\Program Files\TrustIn Contextual\trustincontext.dll (file missing)
O3 - Toolbar: TrustIn Bar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\Program Files\trustin bar\trustin.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{344A4~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab

==============

sammuta ja käynnistä

==============

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi

===================

Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan:

sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä

Jossakin koneissa hakataan F8:sin sijasta F5:tä

" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.

 

No nii pitkällisen tappelun jälkeen selvisin voittajaka

HJT logi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:56, on 14.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\F-Secure Internet Security\fswsclds.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
D:\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\fram\FreeRAM XP Pro 1.40.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zrtwfbzowtznpatpv.com//i...v_kNPpZrZD5Fep782e6y6naaWYE5ASsQ5if/JsugN.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [FreeRAM XP] "D:\fram\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Lataa FlashGetillä
- C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Lataa kaikki FlashGetillä
- C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130145242812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7985 bytes

catchme logi

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 20:42:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:4b3dd4a7
"s2"=dword:59826b86
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:9a,44,bb,f4,da,35,f5,3e,a1,e5,03,c5,1d,06,c6,92,31,6e,9a,fd,cd,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1e,ab,10,46,17,0b,4a,e8,4a,0c,2b,c5,de,23,21,0b,50,..
"khjeh"=hex:1b,35,9d,4f,ae,57,a6,ed,73,36,01,db,72,cc,aa,a2,1d,66,c9,e1,54,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b5,4c,ea,ad,bd,66,3a,23,ee,ee,22,8c,6d,d4,9c,c8,d9,be,51,a2,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:64,62,03,00,40,3a,2c,00,20,8e,2d,00,e8,ff,ff,ff,b8,c0,46,00,d8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,bd,5b,8b,7a,73,92,0c,67,64,b9,1a,97,02,1f,f7,fe,05,bf,26,b4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:a1,92,0f,4f,f9,39,63,a7,53,e6,22,d5,4d,e2,ad,55,7b,1a,2e,2b,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:9a,44,bb,f4,da,35,f5,3e,a1,e5,03,c5,1d,06,c6,92,31,6e,9a,fd,cd,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1e,ab,10,46,17,0b,4a,e8,4a,0c,2b,c5,de,23,21,0b,50,..
"khjeh"=hex:1b,35,9d,4f,ae,57,a6,ed,73,36,01,db,72,cc,aa,a2,1d,66,c9,e1,54,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b5,4c,ea,ad,bd,66,3a,23,ee,ee,22,8c,6d,d4,9c,c8,d9,be,51,a2,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:64,62,03,00,78,1a,1d,00,40,21,26,00,f0,ff,ff,ff,6c,68,01,00,40,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,bd,5b,8b,7a,73,92,0c,67,64,b9,1a,97,02,1f,f7,fe,05,bf,26,b4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:a1,92,0f,4f,f9,39,63,a7,53,e6,22,d5,4d,e2,ad,55,7b,1a,2e,2b,ef,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Ja report logi

SDFix: Version 1.240
Run by Dille on ke 14.01.2009 at 20:35

Microsoft Windows XP [versio 5.1.2600]
Running From: C:\Documents and Settings\Dille\Ty”p”yt„\sdfix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\WINDOWS\u.exe - Deleted
C:\WINDOWS\system32\TFTP1728 - Deleted
C:\WINDOWS\system32\TFTP1808 - Deleted
C:\WINDOWS\system32\TFTP2408 - Deleted
C:\WINDOWS\system32\TFTP2632 - Deleted
C:\WINDOWS\system32\TFTP3052 - Deleted
C:\WINDOWS\system32\TFTP4016 - Deleted
C:\WINDOWS\system32\TFTP4136 - Deleted
C:\WINDOWS\system32\TFTP776 - Deleted
C:\WINDOWS\system32\TFTP940 - Deleted



Folder C:\Temp\tn3 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 20:42:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:4b3dd4a7
"s2"=dword:59826b86
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:9a,44,bb,f4,da,35,f5,3e,a1,e5,03,c5,1d,06,c6,92,31,6e,9a,fd,cd,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1e,ab,10,46,17,0b,4a,e8,4a,0c,2b,c5,de,23,21,0b,50,..
"khjeh"=hex:1b,35,9d,4f,ae,57,a6,ed,73,36,01,db,72,cc,aa,a2,1d,66,c9,e1,54,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b5,4c,ea,ad,bd,66,3a,23,ee,ee,22,8c,6d,d4,9c,c8,d9,be,51,a2,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:64,62,03,00,40,3a,2c,00,20,8e,2d,00,e8,ff,ff,ff,b8,c0,46,00,d8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,bd,5b,8b,7a,73,92,0c,67,64,b9,1a,97,02,1f,f7,fe,05,bf,26,b4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:a1,92,0f,4f,f9,39,63,a7,53,e6,22,d5,4d,e2,ad,55,7b,1a,2e,2b,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:9a,44,bb,f4,da,35,f5,3e,a1,e5,03,c5,1d,06,c6,92,31,6e,9a,fd,cd,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1e,ab,10,46,17,0b,4a,e8,4a,0c,2b,c5,de,23,21,0b,50,..
"khjeh"=hex:1b,35,9d,4f,ae,57,a6,ed,73,36,01,db,72,cc,aa,a2,1d,66,c9,e1,54,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b5,4c,ea,ad,bd,66,3a,23,ee,ee,22,8c,6d,d4,9c,c8,d9,be,51,a2,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:64,62,03,00,78,1a,1d,00,40,21,26,00,f0,ff,ff,ff,6c,68,01,00,40,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,bd,5b,8b,7a,73,92,0c,67,64,b9,1a,97,02,1f,f7,fe,05,bf,26,b4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:a1,92,0f,4f,f9,39,63,a7,53,e6,22,d5,4d,e2,ad,55,7b,1a,2e,2b,ef,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\\Warcraft III\\Warcraft III.exe"="E:\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\system32\\spoolsvc.exe"="C:\\WINDOWS\\system32\\spoolsvc.exe:*isabled:spoolsvc"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:EnabledC++"
"D:\\Kivat\\Firc3.0\\FIRC.exe"="D:\\Kivat\\Firc3.0\\FIRC.exe:*:Enabled:mIRC"
"E:\\Sierra\\Half-Life\\Steam.exe"="E:\\Sierra\\Half-Life\\Steam.exe:*:Enabled:Steam"
"E:\\Sierra\\Half-Life\\SteamApps\\zeroxy\\counter-strike\\hl.exe"="E:\\Sierra\\Half-Life\\SteamApps\\zeroxy\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"="C:\\Program Files\\RevConnect\\DCPlusPlus.exe:*:EnabledC++"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\zeroxy\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\zeroxy\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\zeroxy\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\zeroxy\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"F:\\pelit\\DUKE\\Duke3D\\eduke32.exe"="F:\\pelit\\DUKE\\Duke3D\\eduke32.exe:*isabled:eduke32"
"D:\\uTorrent\\utorrent.exe"="D:\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*isabledxpsp2res.dll,-22019"
"D:\\Microsoft Office\\Office12\\groove.exe"="D:\\Microsoft Office\\Office12\\groove.exe:*isabled:Microsoft Office Groove"
"D:\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Microsoft Office\\Office12\\ONENOTE.EXE:*isabled:Microsoft Office OneNote"
"C:\\Program Files\\ProxyWay\\proxyway.exe"="C:\\Program Files\\ProxyWay\\proxyway.exe:*isabledroxyway"
"E:\\Codemasters\\Worms 4 Mayhem\\Worms 4 Mayhem.exe"="E:\\Codemasters\\Worms 4 Mayhem\\Worms 4 Mayhem.exe:*:Enabled:Worms 4 Mayhem"
"E:\\Warcraft III\\War3.exe"="E:\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\zeroxy\\half-life blue shift\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\zeroxy\\half-life blue shift\\hl.exe:*:Enabled:Half-Life Launcher"
"F:\\South park rally\\sprally2.exe"="F:\\South park rally\\sprally2.exe:*isabled:South Park Rally"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*isabled:Microsoft DirectPlay Helper"
"F:\\pelit\\rollcage\\Rollcage\\Direct3D\\Rollcage.exe"="F:\\pelit\\rollcage\\Rollcage\\Direct3D\\Rollcage.exe:*isabled:Rollcage Main Game Executable"
"E:\\PELIT\\Postal2\\System\\UCC.exe"="E:\\PELIT\\Postal2\\System\\UCC.exe:*:Enabled:UCC"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*isabled:WinDVD"
"F:\\PELIT\\fear\\FEAR.exe"="F:\\PELIT\\fear\\FEAR.exe:*:Enabled:FEAR"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\Dille\TYPYT~1\sdfix\backups\backups.zip

Files with Hidden Attributes :

Mon 7 Jan 2008 352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Wed 15 Sep 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Fri 11 Mar 2005 56 ..SHR --- "C:\WINDOWS\system32\51C401C7CB.sys"
Sun 1 May 2005 5,224 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 3 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

 

scannaa hjt:llä merkkaa paina Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zrtwfbzowtznpatpv.com//im1FVK...sQ5if/JsugN.htm

================

Luo poistolista:
• Avaa HiJackThis
• Klikkaa "Configure" valintaa oikealla alhaalla
• Klikkaa "Misc Tools"
• Klikkaa boxia joka sanoo "Uninstall Manager"
• Klikkaa valintaa "Save list"
• Kopioi ja liitä kyseinen lista muistiosta ketjuusi

 

7-Zip 4.57
A3D Output Plug-In (WinAmp)
Adobe Acrobat 5.0
Adobe Common File Installer
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Stock Photos 1.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
AudioBurst FX Engine
AVIcodec (remove only)
BSPlayer
Build-a-lot 3: Passport To Europe
Car Thief 6 Full
CSI-Hard Evidence
CSI-Miami
DC++ 0.667
DivX Player
DivX Pro Trial
Dr. DivX Trial
ESET NOD32 Antivirus
FEAR
FireBurner
Gearhead Garage
Half-Life: Blue Shift
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
InterVideo WinDVD 8
Java(TM) 6 Update 3
Jewel Quest 3
Kodak EasyShare software
LiveReg (Symantec Corporation)
Macromedia Shockwave Player
Magic DVD Copier V4.6
Magic ISO Maker v4.3 (build 0099)
Magic ISO Maker v4.8 (build 0142)
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (Finnish) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Finnish) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove MUI (Finnish) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (Finnish) 2007
Microsoft Office Language Pack 2007 - Finnish/suomi
Microsoft Office O MUI (Finnish) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (Finnish) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (Finnish) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Finnish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Finnish) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (Finnish) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Finnish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer MUI (Finnish) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Finnish) 2007
Microsoft Office X MUI (Finnish) 2007
Microsoft Office XP Professional med FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Visual C++ 2005 Redistributable
mIRC
Monopoly by Parker Brothers
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Need for Speed™ Carbon
Nero OEM
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
Philips SPC 200NC PC Camera
Photo Loader 2.1E
Photohands 1.0E
PowerISO
Päivitys Windows XP:lle (KB894391)
Päivitys Windows XP:lle (KB898461)
Päivitys Windows XP:lle (KB900485)
Päivitys Windows XP:lle (KB908531)
Päivitys Windows XP:lle (KB910437)
Päivitys Windows XP:lle (KB911280)
Päivitys Windows XP:lle (KB916595)
Päivitys Windows XP:lle (KB920872)
Päivitys Windows XP:lle (KB922582)
Päivitys Windows XP:lle (KB927891)
Päivitys Windows XP:lle (KB930916)
Päivitys Windows XP:lle (KB931836)
Päivitys Windows XP:lle (KB933360)
Päivitys Windows XP:lle (KB938828)
Päivitys Windows XP:lle (KB942763)
Päivitys Windows XP:lle (KB942840)
Päivitys Windows XP:lle (KB946627)
ratDVD 0.78.1444
RealPlayer Basic
Realtek AC'97 Audio
Red Alert Windows 95
RevConnect
RTLSetup
SAMSUNG CDMA Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
ScummVM 0.11.0
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
SolSuite
South Park Rally
SpeedFan (remove only)
SqrSoft® Advanced Crossfading (remove only)
Steam(TM)
Studio 8
Studio Content CD
StyleXP (remove only)
Suojauspäivitys ohjelmistolle Windows XP (KB923689)
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
Suojauspäivitys Windows Media Player 9:lle (KB917734)
Suojauspäivitys Windows Media Player 9:lle (KB936782)
Suojauspäivitys Windows Media Playerille (KB911564)
Suojauspäivitys Windows XP:lle (KB890046)
Suojauspäivitys Windows XP:lle (KB893756)
Suojauspäivitys Windows XP:lle (KB896358)
Suojauspäivitys Windows XP:lle (KB896423)
Suojauspäivitys Windows XP:lle (KB896428)
Suojauspäivitys Windows XP:lle (KB899587)
Suojauspäivitys Windows XP:lle (KB899591)
Suojauspäivitys Windows XP:lle (KB900725)
Suojauspäivitys Windows XP:lle (KB901017)
Suojauspäivitys Windows XP:lle (KB901214)
Suojauspäivitys Windows XP:lle (KB902400)
Suojauspäivitys Windows XP:lle (KB903235)
Suojauspäivitys Windows XP:lle (KB904706)
Suojauspäivitys Windows XP:lle (KB905414)
Suojauspäivitys Windows XP:lle (KB905749)
Suojauspäivitys Windows XP:lle (KB908519)
Suojauspäivitys Windows XP:lle (KB911562)
Suojauspäivitys Windows XP:lle (KB911927)
Suojauspäivitys Windows XP:lle (KB913580)
Suojauspäivitys Windows XP:lle (KB914388)
Suojauspäivitys Windows XP:lle (KB914389)
Suojauspäivitys Windows XP:lle (KB917344)
Suojauspäivitys Windows XP:lle (KB917953)
Suojauspäivitys Windows XP:lle (KB918118)
Suojauspäivitys Windows XP:lle (KB918439)
Suojauspäivitys Windows XP:lle (KB919007)
Suojauspäivitys Windows XP:lle (KB920213)
Suojauspäivitys Windows XP:lle (KB920670)
Suojauspäivitys Windows XP:lle (KB920683)
Suojauspäivitys Windows XP:lle (KB920685)
Suojauspäivitys Windows XP:lle (KB921503)
Suojauspäivitys Windows XP:lle (KB922819)
Suojauspäivitys Windows XP:lle (KB923191)
Suojauspäivitys Windows XP:lle (KB923414)
Suojauspäivitys Windows XP:lle (KB923980)
Suojauspäivitys Windows XP:lle (KB924191)
Suojauspäivitys Windows XP:lle (KB924270)
Suojauspäivitys Windows XP:lle (KB924496)
Suojauspäivitys Windows XP:lle (KB924667)
Suojauspäivitys Windows XP:lle (KB925902)
Suojauspäivitys Windows XP:lle (KB926255)
Suojauspäivitys Windows XP:lle (KB926436)
Suojauspäivitys Windows XP:lle (KB927779)
Suojauspäivitys Windows XP:lle (KB927802)
Suojauspäivitys Windows XP:lle (KB928255)
Suojauspäivitys Windows XP:lle (KB928843)
Suojauspäivitys Windows XP:lle (KB929123)
Suojauspäivitys Windows XP:lle (KB929969)
Suojauspäivitys Windows XP:lle (KB930178)
Suojauspäivitys Windows XP:lle (KB931261)
Suojauspäivitys Windows XP:lle (KB931784)
Suojauspäivitys Windows XP:lle (KB932168)
Suojauspäivitys Windows XP:lle (KB933566)
Suojauspäivitys Windows XP:lle (KB933729)
Suojauspäivitys Windows XP:lle (KB935839)
Suojauspäivitys Windows XP:lle (KB935840)
Suojauspäivitys Windows XP:lle (KB936021)
Suojauspäivitys Windows XP:lle (KB937143)
Suojauspäivitys Windows XP:lle (KB937894)
Suojauspäivitys Windows XP:lle (KB938127)
Suojauspäivitys Windows XP:lle (KB938829)
Suojauspäivitys Windows XP:lle (KB939653)
Suojauspäivitys Windows XP:lle (KB941202)
Suojauspäivitys Windows XP:lle (KB941568)
Suojauspäivitys Windows XP:lle (KB941644)
Suojauspäivitys Windows XP:lle (KB941693)
Suojauspäivitys Windows XP:lle (KB942615)
Suojauspäivitys Windows XP:lle (KB943055)
Suojauspäivitys Windows XP:lle (KB943460)
Suojauspäivitys Windows XP:lle (KB943485)
Suojauspäivitys Windows XP:lle (KB944338)
Suojauspäivitys Windows XP:lle (KB944533)
Suojauspäivitys Windows XP:lle (KB944653)
Suojauspäivitys Windows XP:lle (KB945553)
Suojauspäivitys Windows XP:lle (KB946026)
Suojauspäivitys Windows XP:lle (KB947864)
Suojauspäivitys Windows XP:lle (KB948590)
Suojauspäivitys Windows XP:lle (KB948881)
Suojauspäivitys Windows XP:lle (KB950749)
Suojauspäivitys Windows XP:lle (KB950759)
Suojauspäivitys Windows XP:lle (KB950760)
Suojauspäivitys Windows XP:lle (KB950762)
Suojauspäivitys Windows XP:lle (KB951376)
Suojauspäivitys Windows XP:lle (KB951376-v2)
Suojauspäivitys Windows XP:lle (KB951698)
Sygate Personal Firewall Pro
The BullsEye Network
Update for Office 2007 (KB932080)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
Winamp
WindowBlinds
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Liven kirjautumisavustaja
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec
Your Uninstaller! 2008 Version 6.0

 

Poista lisää poista sovelutuksesta

LiveReg (Symantec Corporation)

Poista kansio vikasiedossa

C:\Program Files\F-Secure Internet Security

==============

Lataa JavaRa ja pura se työpöydällesi.

***Sulje kaikki päällä olevat Internet Explorerin ikkunat ennen jatkamista!***

* Tuplaklikkaa JavaRa.exeä käynnistääksesi ohjelma.
* Valitse English pudotusvalikosta valitaksesi kieleksi englannin ja klikkaa Select.
* Klikkaa Remove Older Versions poistaaksesi vanhat Java-versiot koneeltasi.
* Klikkaa Yes kun pyydetään. Kun JavaRa on valmis, se ilmoittaa, että lokitiedosto on luotu. Klikkaa OK.
* Lokitiedosto avautuu. Lähetä sen sisältö seuraavassa viestissäsi.
4. Asenna uusin Java päivitys seuraavasta linkistä..

Lataa täältä uusi java

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6 Update 11
Paina Download
Laita Platform -kohtaan Windows
Ruksaa I agree to the Java SE Runtime Environment 6 License Agreement ja paina Continue
Paina Windows Offline Installationin alapuolella jre-6u4-windows-i586-p.exe

Tallenna tiedosto vaikka työpöydälle ja asenna se.

5. Käynnistä kone uudelleen asennuksen jälkeen.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General-välilehdellä klikkaa Settings. Vedä liukusäädintä (Disk Space) pienemmälle.

(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).

8. Klikkaa Delete Files -nappia. Varmista että kaikki kaksi valintaa ovat rastitettuja:
* Applications and Applets
* Trace and Log Files

Ja paina OK -nappia
Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA.

9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Välilehti Update: ota ruksi pois kohdasta Check for Updates automatically
Valitse Never check
11. Klikkaa Apply ja OK jättääksesi Java asetusikkunasi.

 

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Jan 17 15:00:55 2009

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\JavaPlugin.142_06

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

------------------------------------

Finished reporting.

 

1.Lataa Combofix.exe työpöydällesi yhdestä linkistä:
Combofix1
Combofix2

Älä asenna palautus consolia
2. Tuplaklikkaa Combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

ComboFix 09-01-16.03 - Dille 2009-01-17 15:57:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.767.435 [GMT 2:00]
Sijainti: e:\torrent\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated)
AV: Panda Titanium Antivirus 2004 *On-access scanning disabled* (Outdated)
FW: Sygate Personal Firewall Pro *disabled*
* Uusi palautuspiste luotu
* Resident AV is active


VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dille\Application Data\inst.exe
c:\program files\Common Files\{144A4~1
c:\program files\Common Files\{144A4~2
c:\program files\Common Files\{144A4~3
c:\program files\Common Files\{344A4~1
c:\program files\TrustIn Bar
c:\program files\TrustIn Bar\bar.xml
c:\windows\tse.exe

.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLIENT_IP-IPX
-------\Legacy_CORE
-------\Legacy_POWERMANAGER
-------\Service_Client IP-IPX


((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-12-17 to 2009-01-17 )))))))))))))))))
.

2009-01-17 15:11 . 2009-01-17 15:11 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-14 20:08 . 2008-11-06 02:03 <KANSIO> d-------- C:\SDFix
2009-01-14 20:07 . 2009-01-14 20:08 1,529,241 --a------ C:\SDFix.exe
2009-01-14 19:33 . 2009-01-14 19:33 <KANSIO> d-------- c:\windows\ERUNT
2009-01-14 17:49 . 2009-01-14 17:49 <KANSIO> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 17:49 . 2009-01-14 17:49 <KANSIO> d-------- c:\documents and settings\Dille\Application Data\Malwarebytes
2009-01-14 17:49 . 2009-01-14 17:49 <KANSIO> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 17:49 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 17:49 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-14 16:54 . 2009-01-14 16:54 <KANSIO> d-------- c:\program files\Trend Micro
2009-01-09 10:35 . 2009-01-09 10:35 <KANSIO> d-------- c:\windows\Jewel Quest 3
2008-12-24 21:35 . 2008-12-24 21:42 <KANSIO> d-------- c:\program files\FlashGet
2008-12-24 21:09 . 2008-12-24 21:49 <KANSIO> d-------- c:\program files\Mass Downloader
2008-12-24 21:09 . 2008-12-24 21:09 <KANSIO> d-------- c:\documents and settings\Dille\Application Data\MetaProducts
2008-12-24 20:54 . 2008-12-24 20:55 <KANSIO> d-------- C:\Download
2008-12-24 20:52 . 2008-12-24 21:50 <KANSIO> d-------- c:\program files\Star Downloader

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 14:00 --------- d-----w c:\documents and settings\Dille\Application Data\uTorrent
2009-01-17 13:11 --------- d-----w c:\program files\Java
2009-01-14 15:49 --------- d-----w c:\program files\RevConnect
2008-12-28 19:35 --------- d-----w c:\documents and settings\Dille\Application Data\SolSuite
2008-12-24 12:23 --------- d-----w c:\program files\SpeedFan
2008-12-24 11:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 12:11 --------- d-----w c:\documents and settings\Dille\Application Data\Jasc Software Inc
2008-12-13 12:02 --------- d-----w c:\program files\NetLimiter
2008-11-25 21:42 --------- d-----w c:\documents and settings\Dille\Application Data\Atari
2008-11-22 14:45 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
2007-09-29 10:44 47,360 -c--a-w c:\documents and settings\Dille\Application Data\pcouffin.sys
2007-02-22 08:27 76 ---ha-w c:\program files\Desktop.ini
2005-09-12 18:16 29,496 -c--a-w c:\documents and settings\Dille\Application Data\GDIPFONTCACHEV1.DAT
2005-03-11 11:46 56 --sh--r c:\windows\system32\51C401C7CB.sys
2005-04-30 23:37 5,224 --sha-w c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-15 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2005-02-28 1114112]
"FreeRAM XP"="d:\fram\FreeRAM XP Pro 1.40.exe" [2003-08-19 1330688]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-21 1410296]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-16 163840]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-11-06 200704]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-09-27 2635472]
"GrooveMonitor"="d:\microsoft office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-17 136600]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-09-15 15360]

c:\documents and settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Microsoft Office.lnk - d:\microsoft office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\resources\Themes\Chronos.logonxp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
c:\program files\ISTsvc\ [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"d:\\Kivat\\Firc3.0\\FIRC.exe"=
"c:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zeroxy\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zeroxy\\counter-strike\\hl.exe"=
"d:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\pelit\\DUKE\\Duke3D\\eduke32.exe"=
"d:\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Microsoft Office\\Office12\\groove.exe"=
"d:\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"f:\\South park rally\\sprally2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"f:\\PELIT\\fear\\FEAR.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R4 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
S0 dakdpnvv;dakdpnvv;c:\windows\system32\drivers\ucceqvk.sys --> c:\windows\system32\drivers\ucceqvk.sys [?]
S3 cpuz;cpuz;\??\c:\docume~1\Dille\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Dille\LOCALS~1\Temp\cpuz.sys [?]
S3 gsplittm;gsplittm;\??\c:\docume~1\Dille\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\Dille\LOCALS~1\Temp\gsplittm.sys [?]
S4 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;c:\program files\F-Secure Internet Security\fswsclds.exe --> c:\program files\F-Secure Internet Security\fswsclds.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05bf8e2e-654c-11d9-ab04-000d61c3a4b0}]
\Shell\AutoRun\command - h:\setup\rsrc\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05bf8e2f-654c-11d9-ab04-000d61c3a4b0}]
\Shell\AutoRun\command - i:\setup\rsrc\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ba952a6-656d-11d9-ab05-000d61c3a4b0}]
\Shell\AutoRun\command - k:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - k:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ba952a9-656d-11d9-ab05-000d61c3a4b0}]
\Shell\AutoRun\command - L:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{855daede-5298-11d9-aaef-000d61c3a4b0}]
\Shell\AutoRun\command - K:\NullAutorun.exe
.
'Ajoitetut tehtävät'-kansion sisältö

2009-01-17 c:\windows\Tasks\ABF7EE2C91846360.job
- c:\docume~1\dille\applic~1\mixfir~1\ViewFindShim.exe []

2009-01-17 c:\windows\Tasks\E57AFCE794A9BDDB.job
- c:\docume~1\dille\applic~1\mixfir~1\ViewFindShim.exe []
.
- - - - POISTETUT JÄMÄRIVIT - - - -

HKU-Default-Run-Patches Value - WinGamed.exe
HKU-Default-Run-WindowsRegKey upd4te2d4te - aryhvedzo.exe
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\cli.exe


.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://www.soneraplaza.fi/
IE: &Lataa FlashGetillä - c:\program files\FlashGet\jc_link.htm
IE: &Lataa kaikki FlashGetillä - c:\program files\FlashGet\jc_all.htm
IE: E&xport to Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
IE: E&xportera till Microsoft Excel - d:\micros~1\Office10\EXCEL.EXE/3000
LSP: c:\program files\NetLimiter\nl_lsp.dll
FF - ProfilePath - c:\documents and settings\Dille\Application Data\Mozilla\Firefox\Profiles\c8xtozfr.Oletuskäyttäjä\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 16:33:49
Windows 5.1.2600 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¹mÓw*]
"AB79C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(496)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
.
------------------------ Muut prosessit ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sygate\SPF\Smc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Valmistumisajankohta: 2009-01-17 16:38:09 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2009-01-17 14:37:27

Ennen ajoa: 4 558 114 816 tavua vapaana
Ajon jälkeen: 4,462,125,056 tavua vapaana

207 --- E O F --- 2008-06-20 22:06:49

 

Scannaa koneesi Kaspersky Online Scannerin

Ohjelman käynnistyessä kysytään sallitaanko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.
" Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
" Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
" Klikkaa nyt asetuksia, Scan Settings
" Tarkista asetuksista, että seuraavat ovat valittuina:
o Scan using the following Anti-Virus database:
+ Extended (Jos valittavissa, muuten valitse Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
" Klikkaa OK
" Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
" Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
" Klikkaa nyt Save as Text-painiketta.
" Tallenna tiedosto työpöydällesi.
" Mikäli haluat jatkaa asian käsittelyä foorumissa niin kopioi tiedoston sisältö viestiisi.