WIN 2000 AVATTAESSA RUNDLL PROBLEEMA. Virhe ladattaessa: C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL Määriteltyä osaa ei löydy. Mikä toi mahtaa olla? Osaako tällanen tavallinen käyttäjä tehä tolle yhtään mitään? En oo mikään ruudinkeksijä näiden korjailuissa.
Moi kari40, kyseessä ei ole mitään vakavaa mutta näin saamme sen pois. -> Lataa Hijackthis: http://koti.mbnet.fi/pattaya1/HijackThis.exe -> Tallenna hakemistoon C:\hjt -> Käynnistä HijackThis ja klikkaa: do a system scan and save a logfile. -> Lähetä ilmestynyt logisi tähän ketjuun.
Tätäkö tarkoitit? Kiitti jo etukäteen! Logfile of HijackThis v1.99.1 Scan saved at 12:24:07, on 3.5.2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\mgabg.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\WINNT\system32\PDesk\PDesk.exe C:\WINNT\Mixer.exe C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Kalevi Savolainen\Local Settings\Temporary Internet Files\Content.IE5\PZ3V9L8E\HijackThis[1].exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.raketti.net:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Hook Class - {9E8B9A5E-FF40-4757-AFAF-840C6B32EFA4} - C:\WINNT\system32\ppc.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000 O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll O15 - Trusted IP range: http://195.255.220.162 O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.raketti.net/live/tori/AxisCamControl.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://real.gamehouse.com/games/bewitched/launcher.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehouse.com/games/chuzzle/popcaploader.cab O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing) O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
poista ohjauspaneelin lisää poista sovelluksen kautta mywebsearch jos on 0ok alotetaan näin, sulje muut ohjelmat, avaa hijackthis, merkkaa nää rivit O2 - BHO: Hook Class - {9E8B9A5E-FF40-4757-AFAF-840C6B32EFA4} - C:\WINNT\system32\ppc.dll (file missing) O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZJfox000 Poista tää kansio C:\PROGRA~1\MYWEBSEARCH Laita uusi hijackthis logi
Moi Auttaja! Ymmärsinköhän tehdä oikein. Poistin sen MYWEBS kansion. Tämän näköinen on se uus logi, mut tää jäi kyllä sinne vielä. oisko sekin pitäny ottaa pois? O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe Logfile of HijackThis v1.99.1 Scan saved at 13:32:34, on 3.5.2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\mgabg.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\WINNT\system32\PDesk\PDesk.exe C:\WINNT\Mixer.exe C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\Documents and Settings\Kalevi Savolainen\Local Settings\Temporary Internet Files\Content.IE5\PZ3V9L8E\HijackThis[1].exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.raketti.net:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll O15 - Trusted IP range: http://195.255.220.162 O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.raketti.net/live/tori/AxisCamControl.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://real.gamehouse.com/games/bewitched/launcher.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehouse.com/games/chuzzle/popcaploader.cab O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing) O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
Ai niin! En muistanut mainita ettei se lisää poista sovelluksen kautta mywebsearch poisto onnistunu kun se heitti sen saman ilmoituksen kuin konetta käynnistettäessä, ettei määriteltyä osaa löydy.
merkkaa nää rivit O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab O15 - Trusted IP range: http://195.255.220.162 -jos olet itse lisännyt ei tarvitse korjat O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab ********** katotaan toimiiko tää Lataa Deckard's System Scanner Työpöydällesi. Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman. [*]Sulje kaikki avoimet ikkunat ja ohjelmat. [*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita. [*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt [*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V ) [*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.
Moi auttaja! Merkasin ja ajelin noi scannaukset vasta nyt. on ollu muita pirullisia projekteja. kiitti jeesauksesta. homma alkaa jo toimiin. tässä ekaks main.txt ja sit extra.txt jos vaan viitsit katsoo miltä nää nyt susta vaikuttaa? Deckard's System Scanner v20070426.43 Run by Kalevi Savolainen on 2007-05-07 at 18:54:20 Computer is in Normal Mode. -------------------------------------------------------------------------------- Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Kalevi Savolainen.exe) ----------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 18:56:07, on 7.5.2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\mgabg.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\WINNT\system32\PDesk\PDesk.exe C:\WINNT\Mixer.exe C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\Documents and Settings\Kalevi Savolainen\Työpöytä\dss.exe C:\DOCUME~1\KALEVI~1\Työpöytä\Kalevi Savolainen.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.raketti.net:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Sonera\InternetAvustaja\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.raketti.net/live/tori/AxisCamControl.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://real.gamehouse.com/games/bewitched/launcher.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehouse.com/games/chuzzle/popcaploader.cab O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing) O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe -- HijackThis Fixed Entries (C:\DOCUME~1\KALEVI~1\Työpöytä\backups\) ----------- backup-20070507-184638-142 O15 - Trusted IP range: http://195.255.220.162 backup-20070507-184638-225 O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe backup-20070507-184638-922 O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab -- File Associations ----------------------------------------------------------- .js - JSFile - DefaultIcon - C:\WINNT\System32\WScript.exe,3 .js - JSFile - shell\open\command - C:\WINNT\System32\WScript.exe "%1" %* .scr - scrfile - shell\open\command - "%1" /S "%3" .vbs - VBSFile - DefaultIcon - C:\WINNT\System32\WScript.exe,2 .vbs - VBSFile - shell\open\command - C:\WINNT\System32\WScript.exe "%1" %* .vbs - VBSFile - shell\edit\command - C:\WINNT\System32\Notepad.exe %1 -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 fasttrak - c:\winnt\system32\drivers\fasttrak.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver> R0 WDMCAPI (ISDN PCI CAPI) - c:\winnt\system32\drivers\wdmcapi.sys R1 Cdr4_2K - c:\winnt\system32\drivers\cdr4_2k.sys <Not Verified; Roxio; DirectCD> R1 Cdralw2k - c:\winnt\system32\drivers\cdralw2k.sys <Not Verified; Roxio; DirectCD> R1 VFILT (Outpost Firewall Kernel Driver) - c:\program files\agnitum\outpost firewall\kernel\filtnt.sys <Not Verified; Agnitum Ltd.; Virtual Firewall> R3 ADBLOCK.DLL (Outpost Firewall PlugIn (ADBLOCK.DLL)) - c:\program files\agnitum\outpost firewall\kernel\adblock.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 ARP.DLL (Outpost Firewall PlugIn (ARP.DLL)) - c:\program files\agnitum\outpost firewall\kernel\arp.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 CONTENT.DLL (Outpost Firewall PlugIn (CONTENT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\content.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 DNSCACHE.DLL (Outpost Firewall PlugIn (DNSCACHE.DLL)) - c:\program files\agnitum\outpost firewall\kernel\dnscache.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 FTPFILT.DLL (Outpost Firewall PlugIn (FTPFILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\ftpfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 HTMLFILT.DLL (Outpost Firewall PlugIn (HTMLFILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\htmlfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 HTTPFILT.DLL (Outpost Firewall PlugIn (HTTPFILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\httpfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 IMAPFILT.DLL (Outpost Firewall PlugIn (IMAPFILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\imapfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 MAILFILT.DLL (Outpost Firewall PlugIn (MAILFILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\mailfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 NeroCd2k - c:\winnt\system32\drivers\nerocd2k.sys <Not Verified; ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Fax: ++49-7248-911-888 e-mail: info@nero.com; Nero Burning Rom> R3 NNTPFILT.DLL (Outpost Firewall PlugIn (NNTPFILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\nntpfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 POP3FILT.DLL (Outpost Firewall PlugIn (POP3FILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\pop3filt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 PROTECT.DLL (Outpost Firewall PlugIn (PROTECT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\protect.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 SECRET.DLL (Outpost Firewall PlugIn (SECRET.DLL)) - c:\program files\agnitum\outpost firewall\kernel\secret.dll <Not Verified; Agnitum Ltd.; Outpost Firewall> R3 WDMWANMP (NDIS WAN miniport) - c:\winnt\system32\drivers\wdmwanmp.sys S3 GMSIPCI - d:\install\gmsipci.sys (file missing) S3 mgabg - c:\winnt\system32\drivers\mgabg.sys <Not Verified; Matrox Graphics Inc.; Matrox Graphics Inc. MgaBG> S3 UtilNT - c:\winnt\system32\drivers\utilnt.sys <Not Verified; Matrox Graphics Inc.; Matrox Graphics Inc. UtilNt> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 OutpostFirewall (Outpost Firewall Service) - c:\program files\agnitum\outpost firewall\outpost.exe /service <Not Verified; Agnitum Ltd.; Outpost Firewall> S3 MSSQLServerADHelper - c:\program files\microsoft sql server\80\tools\binn\sqladhlp.exe (file missing) -- Files created between 2007-04-07 and 2007-05-07 ----------------------------- 2007-05-03 16:41:00 0 d-------- C:\Program Files\FunWebProducts 2007-05-03 16:40:59 0 d-------- C:\Program Files\hotbar 2007-05-03 12:23:18 218112 --a------ C:\hjt.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis> 2007-05-02 12:04:37 0 d-------- C:\Program Files\Support Tools 2007-04-22 10:04:39 0 d-------- C:\Documents and Settings\Kalevi Savolainen\.DigiKuvat 2007-04-21 21:26:48 0 d-------- C:\Program Files\Common Files\Agnitum Shared 2007-04-21 21:26:47 0 d-------- C:\Program Files\Agnitum 2007-04-20 12:12:54 0 d-------- C:\Program Files\AdwareAlert 2007-04-08 19:22:57 2644 --a------ C:\WINNT\system32\tmp.reg -- Find3M Report --------------------------------------------------------------- 2007-05-07 17:17:51 0 d-------- C:\Documents and Settings\Kalevi Savolainen\Application Data\AVG7 2007-05-03 16:43:49 1010702 ---h----- C:\WINNT\ShellIconCache 2007-05-03 15:58:04 0 d-------- C:\Documents and Settings\Kalevi Savolainen\Application Data\Skype 2007-04-20 12:32:16 512 --a------ C:\ScanSectorLog.dat 2007-04-19 18:21:42 0 d-------- C:\Program Files\Pesonen3 2007-04-12 14:58:21 0 d-------- C:\Program Files\Java 2007-04-11 21:42:52 0 d-------- C:\Program Files\MSN Messenger 2007-04-08 17:56:22 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-04-08 17:45:17 0 d-------- C:\Program Files\Common Files\Real 2007-04-08 17:45:00 0 d-------- C:\Documents and Settings\Kalevi Savolainen\Application Data\Real 2007-04-05 17:02:02 4212 ---h----- C:\WINNT\system32\zllictbl.dat 2007-02-18 12:49:21 785736 --a------ C:\WINNT\system32\gina.scr <Not Verified; Grooveware Multimedia; Screenweaver Shocked Edition> 2007-02-18 12:49:17 140 --a------ C:\UnInstall.dat 2007-02-18 12:47:58 16384 --a------ C:\WINNT\system32\grwinsthlp.exe -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe" "Synchronization Manager"="mobsync.exe /logon" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Matrox Powerdesk"="C:\\WINNT\\system32\\PDesk\\PDesk.exe /Autolaunch" "C-Media Mixer"="Mixer.exe /startup" "tgcmd"="\"C:\\Program Files\\Sonera\\InternetAvustaja\\bin\\tgcmd.exe\" /server /startmonitor /deaf" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "Outpost Firewall"="\"C:\\Program Files\\Agnitum\\Outpost Firewall\\outpost.exe\" /waitservice" "OutpostFeedBack"="C:\\Program Files\\Agnitum\\Outpost Firewall\\feedback.exe /dumps_startup" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "internat.exe"="internat.exe" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source REG_SZ http://dgl.microsoft.com/previews/j028/j0283179(p).gif HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0nwprovau\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] rpcss REG_MULTI_SZ RpcSs\0\0 wugroup REG_MULTI_SZ wuauserv\0\0 BITSgroup REG_MULTI_SZ BITS\0\0 -- End of Deckard's System Scanner: finished at 2007-05-07 at 18:56:49 --------- ja sit toi extra: Deckard's System Scanner v20070426.43 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows 2000 Professional (build 2195) SP 4.0 Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6 CPU 0: Intel(R) Pentium(R) 4 CPU 1.80GHz Percentage of Memory in Use: 79% Physical Memory (total/avail): 255.48 MiB / 51.68 MiB Pagefile Memory (total/avail): 1000.93 MiB / 802.53 MiB Virtual Memory (total/avail): 2047.88 MiB / 1991.43 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 18.55 GiB total, 13.95 GiB free. D: is Fixed (NTFS) - 18.73 GiB total, 18.33 GiB free. E: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Kalevi Savolainen\Application Data CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=SAVO-11HP37XGVB ComSpec=C:\WINNT\system32\cmd.exe HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Kalevi Savolainen LOGONSERVER=\\SAVO-11HP37XGVB NUMBER_OF_PROCESSORS=1 OS=Windows_NT Os2LibPath=C:\WINNT\system32\os2\dll; Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\\Maestro Learning\Common;C:\Program Files\Support Tools\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0102 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SystemDrive=C: SystemRoot=C:\WINNT TEMP=C:\DOCUME~1\KALEVI~1\LOCALS~1\Temp TMP=C:\DOCUME~1\KALEVI~1\LOCALS~1\Temp USERDOMAIN=SAVO-11HP37XGVB USERNAME=Kalevi Savolainen USERPROFILE=C:\Documents and Settings\Kalevi Savolainen windir=C:\WINNT -- User Profiles --------------------------------------------------------------- Kalevi Savolainen (admin) -- Add/Remove Programs --------------------------------------------------------- Ad-Aware SE Personal --> D:\IT-CARE\AD-AWA~1\UNWISE.EXE D:\IT-CARE\AD-AWA~1\INSTALL.LOG Adobe Acrobat 4.0, 5.0 --> C:\WINNT\ISUN040B.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\UninstFl.exe -q Agnitum Outpost Firewall Pro --> C:\Program Files\Agnitum\Outpost Firewall\uninst.exe AIDA32 v3.90 --> "D:\IT-Care\AIDA32 - Enterprise System Information\unins000.exe" AirXonix version 1.37 --> "C:\Program Files\greenstreet\Games\AirXonix\unins000.exe" AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL Barbie(TM) Prinsessa ja kerjäläistyttö --> C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\PPauperUn.exe BJ Printer --> C:\WINNT\system32\cnmUnInst.exe -@C:\WINNT\IsUninst.exe -fC:\CanonBJ\DeIsL1.isu -c"C:\CanonBJ\bjinst.dll Canon Utilities PhotoStitch 3.1 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu" Canon Utilities ZoomBrowser EX --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\PROGRAM\uninstallutilities.dll" EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly ffdshow [rev 598] [2006-11-27] --> "D:\Program Files\ffdshow\unins000.exe" Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" HijackThis 1.99.1 --> C:\Documents and Settings\Kalevi Savolainen\Local Settings\Temporary Internet Files\Content.IE5\PZ3V9L8E\HijackThis.exe /uninstall IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Koottu päivitys 1 Windows 2000 SP 4:lle --> "C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe" Matrox Graphics Software (remove only) --> C:\WINNT\system32\PDesk\PDUninst.exe Microsoft Access 2000 SR-1 Runtime --> C:\Program Files\Microsoft Office\ART\uninstall.exe /x{004F0409-78E1-11D2-B60F-006097C998E7} Microsoft Office XP Professional --> MsiExec.exe /I{9111040B-6000-11D3-8CFE-0050048383C9} Mozilla Firefox (1.5.0.10) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.10 (en-US)" MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816} Muumit ja näkymätön lapsi --> C:\WINNT\unin040b.exe -f"C:\Program Files\Moomin\Moomin 4\DeIsL1.isu" -c"C:\Program Files\Moomin\Moomin 4\_ISREG32.DLL" Muumit ja Taikurin hattu --> C:\WINNT\unin040b.exe -f"C:\Program Files\WSOY\Muumit 3\DeIsL1.isu" -c"C:\Program Files\WSOY\Muumit 3\_ISREG32.DLL" My Web Search (Zwinky) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0} PCI Audio Driver --> cmuninst.exe Pesonen3 --> C:\WINNT\unvise32.exe C:\Program Files\Pesonen3\uninstal.log QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1035 Rölli ja Metsänhenki --> "C:\EK\Rölli ja Metsänhenki\UninstallerData\Uninstall Rolli.exe" RC DareDevil --> C:\WINNT\IsUninst.exe -f"C:\Program Files\eGames\RC DareDevil\RCDDevil.isu" Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe" Sonera Internet Avustaja --> "C:\Program Files\Sonera\InternetAvustaja\unins000.exe" Spybot - Search & Destroy 1.2 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Suojauspäivitys ohjelmistolle Windows 2000 (KB904706) --> "C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe" Suojauspäivitys ohjelmistolle Windows 2000 (KB923689) --> "C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe" Suojauspäivitys Windows Media Player 6.4:lle (KB925398) --> "C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Suojauspäivitys Windows Media Player 7.1:lle (KB911565) --> "C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe" Suojauspäivitys Windows Media Player 7.1:lle (KB917734) --> "C:\WINNT\$NtUninstallKB917734_WMP7$\spuninst\spuninst.exe" Suojauspäivitys Windows Media Player 9:lle (KB917734) --> "C:\WINNT\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Suojauspäivitys Windows Media Playerille (KB911564) --> "C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe" VideoAccess --> "C:\Program Files\VideoAccess\Uninstall.exe" Viidakkokirja, Svengiseikkailu --> C:\WINNT\IsUn040b.exe -fC:\OHJELM~1\DISNEY~1\VIIDAK~1\DeIsL1.isu Windows 2000 Service Pack 4 --> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe Windows 2000 Support Tools --> MsiExec.exe /I{242365CD-80F2-11D2-989A-00C04F7978A9} Windows Genuine Advantage v1.3.0254.0 --> MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall Windowsin Blaster-madon poistamistyökalu (KB833330) --> C:\WINNT\$NtUninstallKB833330$\spuninst\spuninst.exe WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe -- End of Deckard's System Scanner: finished at 2007-05-07 at 18:56:49 ---------
Lataa Killbox Option^Explicitiltä. Poista nää kansiot C:\Program Files\FunWebProducts C:\Program Files\AdwareAlert ========== Huomaa: Jos sinulla on jo Killbox, tämä on uusi versio joka sinun tulee asentaa. Poista aikaisempi. [*]Tallenna työpöydällesi. [*] Tupla-klikkaa Killbox.exe ajaaksesi ohjelman. [*] Valitse: [*]Delete on Reboot[*] sitten klikkaa All Files valintaa. [*]Kopioi ja liitä alapuolella olevat tiedostopolut leikepöydälle mustaamalla KAIKKI ne ja painamalla CTRL + C (tai, mustaamisen jälkeen, oikea klikki hiirellä ja valitse kopioi): C:\WINNT\system32\grwinsthlp.exe [*] Palaa Killboxiin, mene File valikkoon, ja valitse Paste from Clipboard. [*]Klikkaa puna-valkoista Delete File valintaa. Klikkaa Yes "Delete on Reboot" pyyntöön. Klikkaa OK mihin vain PendingFileRenameOperations pyyntöön (ja anna fixaajan tietää jos jokin tälläinen tulee!). Käynnistä koneesi itse jos se ei sitä automaattisesti tee Jos saat tälläisen viestin: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." Kun yrität ajaa KillBoxia, klikkaa tätä ladataksesi ja ajaaksesi Missingfilessetup.exe;n. Sitten koita KillBoxia uudestaan. =======0 Lataa Dr.Web CureIt työpöydälle: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe [*]Tuplaklikkaa drweb-cureit.exe ja anna sen tehdä express scan [*]Se skannaa käynnissä olevat ohjelmat ja jos jotain löytyy, klikkaa yes kun se kysyy haluatko poistaa sen. Tämä on vain lyhyt scan. [*]Kun scan on valmis, merkkaa asemat, jotka haluat scannata. [*]Valitse kaikki asemat. Punainen piste osoittaa, mitkä asemat on valittu. [*]Klikaa vihreää nuolta oikealla ja scan alkaa. [*]Klikkaa 'Yes to all', jos kysytään haluatko poistaa/siirtää tiedoston. [*]Kun scan on valmis, katso voitko klikata next-kuvaketta löytyneiden tiedostojen vieressä: [*]Jos asia on niin, klikkaa sitä ja sitten klikkaa next-kuvaketta oikealla alhaalla ja valitse Move incurable kuten alla olevalla kuvassa: Tämä siirtää sen %userprofile%\DoctorWeb\quarantine-hakemistoon. [*]Tämän jälkeen klikkaa Dr.Web CureIt-valikossa file ja valitse save report list [*]Tallenna raportti työpöydälle. Raportin nimi on DrWeb.csv [*]Sulje Dr.Web Cureit. [*]Käynnistä kone uudelleen !! Tämä siksi, että käytössä olevat tiedostot poistetaan/siirretään käynnistyksen yhteydessä. [*]Käynnistyksen jälkeen liitä Dr.Web-lokin, jonka tallensit aiemmin, sisältö seuraavaan vastaukseesi.
