F-Secure ei poista. + logi

BoNeLeZz · Aug 11, 2007

Mulla on jotai haittaohjelmia jota ei pysty poistamaan ja joka lagittaa konetta ihan s*******ti. Aina kun mä yritän poistaa sitä niin tulee teksti: "Tätä kohdetta ei voitu käsitellä. Toinen sevellus on saattanut
poistaa tartunan saaneen tiedoston.
Haitta ohjelmien nimet: AdTool.Win32.MyWebSearch ja NewDoNet.

Logfile of HijackThis v1.99.1
Scan saved at 1:42:06, on 11.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Omistaja\Työpöytä\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...bRCoxBOqyo2wRGqEi/ArLjgFEOEmXBEjN4OgVn/EanAXn
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {74F59E40-8312-8BFA-33E6-6FAEEDC8DAA8} - C:\DOCUME~1\HP_OMI~1\APPLIC~1\01LITE~1\64 coal.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O3 - Toolbar: Protection Bar - {F0993251-2512-4710-AF6E-0A13EA199D02} - C:\Program Files\Video AX Object\splug.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [hsf] C:\WINDOWS\hsf.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [flagrdrfivewma] C:\Documents and Settings\All Users\Application Data\thatdentflagrdr\ante surf.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\Instant Messenger Names\IM-svr.EXE
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [citydash] C:\DOCUME~1\HP_OMI~1\APPLIC~1\WAVEEX~1\Surf one.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/180solutions/ie/Bridge-c139.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://csweb.netgame.com/hero/MLauncher.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download/mgusamanagerv1001.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pushow3.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Auttaja · Aug 10, 2007

Joo.. elikkä tässä on puhdistamista ihan reilusti.. aloitetaan näin

=======

Ensin lataa LSPfix.exe http://www.cexx.org/lspfix.htm sopivaan sijaintiin (kuten C:\Program Files\LSPFix tai vaikkapa työpöydälle). ÄLÄ aja tätä ohjelmaa vielä. Tätä tulee käyttää VAIN jos internetyhteys häviää NewDotNetin poiston jäljiltä.

NewDotNetin poisto; Mene;

Käynnistä > Ohjauspaneeli > Lisää/Poista sovellus ja hävitä seuraava jos näkyy;

New.Net Applications tai New.Net Domains (Mitä vain mikä sanoo New.Net)

Jos Lisää/Poista sovelluksessa ei ole New.Net listattu, toimi näin.

Varmista että anti-virus ja anti-spyware ohjelmat ovat suljettuna poiston ajan.

Ne saattavat estää New.Netin poiston.

Lataa NNuninstall.exe http://www.new.net/support/NNuninstall.exe

* Tallenna se työpöydällesi.
* Tupla-klikkaa NNuninstall.exe filua.n
* Ohjelma kysyy haluatko poistaa kaikki New.Netin nimet ja osat.
* Klikkaa Yes.
* Klikkaa poiston jälkeen OK.
* Valitse("No - I will restart later).

Jos poisto ei onnistu ja virustorjuntaohjelma(t) estävät poisto-ohjelman ajon kokonaan tai
osittain, tee näin: Irrota koneen verkko- tai modeemijohto koneesta siten, ettei sillä
ole yhteyttä internettiin. Sulje tämän jälkeen virustorjuntaohjelma(t) ja aja
NNuninstall.exe. Laita tämän jälkeen virustorjuntaohjelma(t) takaisin päälle ja
vasta sitten kytke verkko- tai modeemijohto takaisin koneeseen.

Tyhjennä roskakori.

JOS menetät nettiyhteytesi kun olet New.Netin poistanut, tupla-klikkaa LSPFix.exe jonka latasit aiemmin. Rastita "I know what I'm doing" valinta. Näet kaksi paneelia; Jos on jotain listattu "Remove" paneeliin oikealla puolella, anna sen olla ja klikkaa "Finish>>". Seuraavaksi käynnistä uudelleen ja netin pitäisi toimia hyvin. Jos mitään ei ole listattu "Remove" paneeliin, ÄLÄ tee MITÄÄN - sulje LSPFix. Tule joltain toiselta koneelta hakemaan lisää neuvoa. (Tämä on vain varotoimenpide, useimmiten netti pysyy ihan kunnossa]

========

Lataa RemAdvertisemen työpöydällesi.
[*]Tuplaklikkaa tiedostoa remadvertisemen.exe
[*]Kun ohjelma on käynnistynyt, klikkaa Start Removal nappia
[*]Odota että ohjelma ilmoittaa: "Done Removal! Please reboot your computer now"
[*]Klikkaa OK ja käynnistä koneesi uudelleen
[*]Lähetä uusi HijackThis loki viestiketjuusi

==========
Luo poistolista:

* Avaa HiJackThis
* Klikkaa "Configure" valintaa oikealla alhaalla
* Klikkaa "Misc Tools"
* Klikkaa boxia joka sanoo "Uninstall Manager"
* Klikkaa valintaa "Save list"
* Kopioi ja liitä kyseinen lista muistiosta postiisi
=======

Eli poistolista ja uusi hijackthislogi nii jatketaa

BoNeLeZz · Aug 11, 2007

Logfile of HijackThis v1.99.1
Scan saved at 12:32:17, on 11.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\DitExp.exe
C:\Documents and Settings\HP_Omistaja\Työpöytä\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...bRCoxBOqyo2wRGqEi/ArLjgFEOEmXBEjN4OgVn/EanAXn
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll (file missing)
O2 - BHO: (no name) - {74F59E40-8312-8BFA-33E6-6FAEEDC8DAA8} - C:\DOCUME~1\HP_OMI~1\APPLIC~1\01LITE~1\64 coal.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O3 - Toolbar: Protection Bar - {F0993251-2512-4710-AF6E-0A13EA199D02} - C:\Program Files\Video AX Object\splug.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [hsf] C:\WINDOWS\hsf.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [flagrdrfivewma] C:\Documents and Settings\All Users\Application Data\thatdentflagrdr\ante surf.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\Instant Messenger Names\IM-svr.EXE
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [citydash] C:\DOCUME~1\HP_OMI~1\APPLIC~1\WAVEEX~1\Surf one.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/180solutions/ie/Bridge-c139.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://csweb.netgame.com/hero/MLauncher.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download/mgusamanagerv1001.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1 - Suomi
Adobe Shockwave Player
Agere Systems PCI Soft Modem
Battlefield 2(TM)
Battlefield 2: Special Forces
Creative MediaSource
DC++ 0.694
DivX Web Player
dna Nettiturva
Google Toolbar for Internet Explorer
Hamachi 1.0.2.2
Help and Support Additions
Hernline
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Hotfix-päivitys Windows XP:lle (KB915865)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.5.3
HP Image Zone Plus 4.5.3
HP Photosmart -kamerat 4.0
HP PSC & OfficeJet 4.0
HP Software Update
HPIZplus450
InCD
InterActual Player
Internet Explorer Secure Plug-in
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
jetAudio Basic
KBD
Logitech Gaming Software
Logitech G-series Keyboard Software
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Finnish Language Pack
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB927978)
Multi-Card Reader & Flash Disk
My Web Search (Smiley Central)
Nero 6 Ultra Edition
Nero Digital
Nero Media Player
NVIDIA Drivers
Photosmart 320,370,7400,8100,8400 Series (fin)
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Päivitys Windows XP:lle (KB894391)
Päivitys Windows XP:lle (KB898461)
Päivitys Windows XP:lle (KB900485)
Päivitys Windows XP:lle (KB904942)
Päivitys Windows XP:lle (KB910437)
Päivitys Windows XP:lle (KB911280)
Päivitys Windows XP:lle (KB916595)
Päivitys Windows XP:lle (KB920872)
Päivitys Windows XP:lle (KB922582)
Päivitys Windows XP:lle (KB927891)
Päivitys Windows XP:lle (KB929338)
Päivitys Windows XP:lle (KB930916)
Päivitys Windows XP:lle (KB931836)
QuickTime
Rappelz_USA
SafeCast Shared Components
Security Messenger
Shareaza versio 2.2.5.0
Skype 3.0
Skype Plugin Manager
Sonic Express Labeler
Sound Blaster Live! 24-bit
Starcraft Brood War (RAZOR 1911)
Suojauspäivitys ohjelmistolle Windows XP (KB923689)
Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
Suojauspäivitys Windows Media Player 9:lle (KB911565)
Suojauspäivitys Windows Media Player 9:lle (KB917734)
Suojauspäivitys Windows Media Playerille (KB911564)
Suojauspäivitys Windows XP:lle (KB890046)
Suojauspäivitys Windows XP:lle (KB893066)
Suojauspäivitys Windows XP:lle (KB893756)
Suojauspäivitys Windows XP:lle (KB896358)
Suojauspäivitys Windows XP:lle (KB896422)
Suojauspäivitys Windows XP:lle (KB896423)
Suojauspäivitys Windows XP:lle (KB896424)
Suojauspäivitys Windows XP:lle (KB896428)
Suojauspäivitys Windows XP:lle (KB896688)
Suojauspäivitys Windows XP:lle (KB899587)
Suojauspäivitys Windows XP:lle (KB899591)
Suojauspäivitys Windows XP:lle (KB900725)
Suojauspäivitys Windows XP:lle (KB901017)
Suojauspäivitys Windows XP:lle (KB901190)
Suojauspäivitys Windows XP:lle (KB901214)
Suojauspäivitys Windows XP:lle (KB902400)
Suojauspäivitys Windows XP:lle (KB904706)
Suojauspäivitys Windows XP:lle (KB905414)
Suojauspäivitys Windows XP:lle (KB905749)
Suojauspäivitys Windows XP:lle (KB905915)
Suojauspäivitys Windows XP:lle (KB908519)
Suojauspäivitys Windows XP:lle (KB908531)
Suojauspäivitys Windows XP:lle (KB911562)
Suojauspäivitys Windows XP:lle (KB911567)
Suojauspäivitys Windows XP:lle (KB911927)
Suojauspäivitys Windows XP:lle (KB912812)
Suojauspäivitys Windows XP:lle (KB912919)
Suojauspäivitys Windows XP:lle (KB913446)
Suojauspäivitys Windows XP:lle (KB913580)
Suojauspäivitys Windows XP:lle (KB914388)
Suojauspäivitys Windows XP:lle (KB914389)
Suojauspäivitys Windows XP:lle (KB917159)
Suojauspäivitys Windows XP:lle (KB917344)
Suojauspäivitys Windows XP:lle (KB917422)
Suojauspäivitys Windows XP:lle (KB917953)
Suojauspäivitys Windows XP:lle (KB918118)
Suojauspäivitys Windows XP:lle (KB918439)
Suojauspäivitys Windows XP:lle (KB918899)
Suojauspäivitys Windows XP:lle (KB919007)
Suojauspäivitys Windows XP:lle (KB920213)
Suojauspäivitys Windows XP:lle (KB920214)
Suojauspäivitys Windows XP:lle (KB920670)
Suojauspäivitys Windows XP:lle (KB920683)
Suojauspäivitys Windows XP:lle (KB920685)
Suojauspäivitys Windows XP:lle (KB921398)
Suojauspäivitys Windows XP:lle (KB921883)
Suojauspäivitys Windows XP:lle (KB922616)
Suojauspäivitys Windows XP:lle (KB922760)
Suojauspäivitys Windows XP:lle (KB922819)
Suojauspäivitys Windows XP:lle (KB923191)
Suojauspäivitys Windows XP:lle (KB923414)
Suojauspäivitys Windows XP:lle (KB923694)
Suojauspäivitys Windows XP:lle (KB923980)
Suojauspäivitys Windows XP:lle (KB924191)
Suojauspäivitys Windows XP:lle (KB924270)
Suojauspäivitys Windows XP:lle (KB924496)
Suojauspäivitys Windows XP:lle (KB924667)
Suojauspäivitys Windows XP:lle (KB925454)
Suojauspäivitys Windows XP:lle (KB925486)
Suojauspäivitys Windows XP:lle (KB925902)
Suojauspäivitys Windows XP:lle (KB926255)
Suojauspäivitys Windows XP:lle (KB926436)
Suojauspäivitys Windows XP:lle (KB927779)
Suojauspäivitys Windows XP:lle (KB927802)
Suojauspäivitys Windows XP:lle (KB928090)
Suojauspäivitys Windows XP:lle (KB928255)
Suojauspäivitys Windows XP:lle (KB928843)
Suojauspäivitys Windows XP:lle (KB929123)
Suojauspäivitys Windows XP:lle (KB929969)
Suojauspäivitys Windows XP:lle (KB930178)
Suojauspäivitys Windows XP:lle (KB931261)
Suojauspäivitys Windows XP:lle (KB931768)
Suojauspäivitys Windows XP:lle (KB931784)
Suojauspäivitys Windows XP:lle (KB932168)
Suojauspäivitys Windows XP:lle (KB933566)
Suojauspäivitys Windows XP:lle (KB935839)
Suojauspäivitys Windows XP:lle (KB935840)
TeamSpeak 2 RC2
Ventrilo Client
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Safety Alert
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

Onko vielä paljon örkkimörkkejä?

BoNeLeZz · Aug 11, 2007

Tuntuu niin puhtaalta! =D

Auttaja · Aug 11, 2007

Avaa ohjauspaneelin lisää/poista sovellus ja poista seuraavat ohjelmat (jos pystyt)

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) SE Runtime Environment 6 Update 1
My Web Search (Smiley Central)
SafeCast Shared Components
Windows Safety Alert
Security Messenger

==========

Lataa SmitfraudFix (by S!Ri) työpöydällesi.

Tuplaklikkaa tiedostoa SmitfraudFix.exe

Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.

**Jos työkalu ei käynnisty työpöydältä niin siirrä SmitfraudFix.exe suoraan järjestelmäaseman juureen (yleensä C:). Kokeile sitten käynnistää ohjelma uudestaan sieltä.

Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

=========

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

======

Eli combo&smitf&hijackthis raportit

BoNeLeZz · Aug 11, 2007

En pystynyt poistamaan näitä kahta tiedostoa.

Smiley Central
Virhe ladattessa: C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsbar.dll

Windows Safety Alert
Virhe ladattessa: C:\WINDOWS\SYSTEM32\czxtyy.dll

Pitikö tuo Java™ 6 update 2 poistaa myös?

Logfile of HijackThis v1.99.1
Scan saved at 14:45:19, on 11.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Omistaja\Työpöytä\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/index
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll (file missing)
O2 - BHO: (no name) - {74F59E40-8312-8BFA-33E6-6FAEEDC8DAA8} - C:\DOCUME~1\HP_OMI~1\APPLIC~1\01LITE~1\64 coal.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Protection Bar - {F0993251-2512-4710-AF6E-0A13EA199D02} - C:\Program Files\Video AX Object\splug.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [hsf] C:\WINDOWS\hsf.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [flagrdrfivewma] C:\Documents and Settings\All Users\Application Data\thatdentflagrdr\ante surf.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\Instant Messenger Names\IM-svr.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [citydash] C:\DOCUME~1\HP_OMI~1\APPLIC~1\WAVEEX~1\Surf one.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/180solutions/ie/Bridge-c139.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://csweb.netgame.com/hero/MLauncher.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download/mgusamanagerv1001.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

________________________________________________________________

SmitFraudFix v2.210

Scan done at 14:19:46,46, la 11.08.2007
Run from C:\Documents and Settings\HP_Omistaja\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Omistaja

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Omistaja\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_OMI~1\Suosikit

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video AX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}"="calocarpum"

[HKEY_CLASSES_ROOT\CLSID\{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}\InProcServer32]
@="C:\WINDOWS\system32\czxtyx.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}\InProcServer32]
@="C:\WINDOWS\system32\czxtyx.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Paketinajoituksen miniportti
DNS Server Search Order: 213.141.96.251
DNS Server Search Order: 213.141.96.253

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC032431-256B-443C-9290-414DFFFC8DC3}: DhcpNameServer=213.141.96.251 213.141.96.253
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC032431-256B-443C-9290-414DFFFC8DC3}: DhcpNameServer=213.141.96.251 213.141.96.253
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EC032431-256B-443C-9290-414DFFFC8DC3}: DhcpNameServer=213.141.96.251 213.141.96.253
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=213.141.96.251 213.141.96.253

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
__________________________________________________________________

ComboFix 07-08-09.3 - "HP_Omistaja" 2007-08-11 14:35:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.358.1035.18.571 [GMT 3:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\cursorcafe.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\cursorcafeA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\games.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\gamesA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\screensaver.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\buttons\screensaverA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\contexts\Travel.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\buttons\cursorcafe.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\buttons\cursorcafeA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\buttons\games.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\buttons\gamesA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\buttons\screensaver.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\buttons\screensaverA.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\contexts\related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\contexts\travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\contexts\Travel.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\DOCUME~1\HP_OMI~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\YEKNKB3V\iforex.com
C:\DOCUME~1\HP_OMI~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\YEKNKB3V\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\DOCUME~1\HP_OMI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\DOCUME~1\HP_OMI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\Common Files\WinSoftware
C:\Program Files\Common Files\WinSoftware\FCrXML.dll
C:\Program Files\Common Files\WinSoftware\Prcheck.dll
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\5.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\5.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\5.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\5.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\5.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\5.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\5.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\5.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\5.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\5.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\5.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\5.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\5.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\5.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\5.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\5.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\5.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\5.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\5.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Cache\0003978E
C:\Program Files\MyWebSearch\bar\Cache\000F1B20
C:\Program Files\MyWebSearch\bar\Cache\002ADC88
C:\Program Files\MyWebSearch\bar\Cache\0038A0A4
C:\Program Files\MyWebSearch\bar\Cache\00939280.bin
C:\Program Files\MyWebSearch\bar\Cache\00DBADBB.bin
C:\Program Files\MyWebSearch\bar\Cache\00DBB83A.bin
C:\Program Files\MyWebSearch\bar\Cache\00DBBF6E.bin
C:\Program Files\MyWebSearch\bar\Cache\00DBE9AB.bin
C:\Program Files\MyWebSearch\bar\Cache\00E90811.bin
C:\Program Files\MyWebSearch\bar\Cache\00E91ACE.bin
C:\Program Files\MyWebSearch\bar\Cache\00E92155.bin
C:\Program Files\MyWebSearch\bar\Cache\00E931E0.bin
C:\Program Files\MyWebSearch\bar\Cache\00EF5CFA
C:\Program Files\MyWebSearch\bar\Cache\03A47903
C:\Program Files\MyWebSearch\bar\Cache\055355BB
C:\Program Files\MyWebSearch\bar\Cache\202CCFB7.bin
C:\Program Files\MyWebSearch\bar\Cache\202CD68D.bin
C:\Program Files\MyWebSearch\bar\Cache\202CDCB8.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
C:\Program Files\video ax object
C:\Program Files\video ax object\ot.ico
C:\Program Files\video ax object\SMMON.0XE
C:\Program Files\video ax object\smunst.0xe
C:\Program Files\video ax object\spunst.0xe
C:\Program Files\video ax object\ts.ico
C:\WINDOWS\DOWNLO~1\UWFX5_0001_N56M0311NetInstaller.exe
C:\WINDOWS\hosts
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\system32\f3PSSavr.scr
D:\Autorun.inf

((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))

2007-08-11 14:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 14:21 3,884 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-11 14:19 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-11 14:18 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-11 14:18 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-06 18:31 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
2007-08-06 12:14 <KANSIO> d-------- C:\DOCUME~1\HP_OMI~1\APPLIC~1\WinRAR
2007-08-06 10:59 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32
2007-08-01 00:42 <KANSIO> d-------- C:\Program Files\GALA-NET
2007-07-19 13:48 <KANSIO> d-------- C:\Program Files\Logitech
2007-07-19 13:48 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-06 18:37 --------- d-------- C:\Program Files\dna Nettiturva
2007-08-06 18:33 68882 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-08-06 18:33 363052 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-08-01 00:42 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-31 21:27 --------- d-------- C:\Program Files\Hernline
2007-06-12 14:21 --------- d-------- C:\Program Files\paketti1
2007-06-11 19:28 --------- d-------- C:\DOCUME~1\HP_OMI~1\APPLIC~1\Hamachi
2007-05-17 11:22 5187 --a------ C:\WINDOWS\mozver.dat
2007-05-16 18:14 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2006-06-29 21:04 155648 --------- C:\Program Files\Common Files\Y1220OA.0xe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74F59E40-8312-8BFA-33E6-6FAEEDC8DAA8}]
C:\DOCUME~1\HP_OMI~1\APPLIC~1\01LITE~1\64 coal.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}]
C:\Program Files\Video AX Object\bpvol.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0993251-2512-4710-AF6E-0A13EA199D02}"= C:\Program Files\Video AX Object\splug.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-12 01:34]
"nwiz"="nwiz.exe" [2005-05-12 01:34 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 22:34]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 22:29]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 00:17]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 23:47 C:\WINDOWS\ALCXMNTR.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 00:54]
"CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.exe" [2007-04-26 20:12]
"F-Secure TNB"="C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [2007-04-26 20:10]
"News Service"="C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" [2005-05-31 15:45]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 12:01]
"hsf"="C:\WINDOWS\hsf.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-12 01:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"Dit"="Dit.exe" [2003-04-22 18:20 C:\WINDOWS\Dit.exe]
"flagrdrfivewma"="C:\Documents and Settings\All Users\Application Data\thatdentflagrdr\ante surf.exe" [2006-04-30 03:56]
"IMprocess"="C:\Program Files\Instant Messenger Names\IM-svr.EXE" []
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 18:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 18:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" []
"citydash"="C:\DOCUME~1\HP_OMI~1\APPLIC~1\WAVEEX~1\Surf one.exe" []
"WinFixer2005"="C:\Program Files\WinFixer_2005\uwfx5.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 05:05]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 03:28:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}"= C:\WINDOWS\system32\czxtyx.dll [ ]

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R1 AmdK8;AMD Athlon64 Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 F-Secure HIPS;F-Secure HIPS;\??\C:\Program Files\dna Nettiturva\HIPS\fshs.sys
R3 admjoy;Aureal Game Port Enumerator;C:\WINDOWS\system32\DRIVERS\admjoy.sys
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\dna Nettiturva\Anti-Virus\minifilter\fsgk.sys
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys
S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\Fadpu16E.sys
S3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS
S3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
S3 QCMerced;Logitech QuickCam Messenger;C:\WINDOWS\system32\DRIVERS\LVCM.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
S3 XDva004;XDva004;\??\C:\WINDOWS\system32\XDva004.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys
S3 XDva007;XDva007;\??\C:\WINDOWS\system32\XDva007.sys
S3 XTrapD12;XTrapD12;\??\C:\WINDOWS\system32\XTrapD12.sys
S4 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSfilter.sys
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSrec.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8616b78-8c6c-11db-95a9-00110912621f}]
AutoRun\command- L:\LaunchU3.exe -a

Contents of the 'Scheduled Tasks' folder
2007-08-11 11:00:00 C:\WINDOWS\Tasks\BAEA3A0B9CC5B8BB.job - c:\docume~1\hp_omi~1\applic~1\waveex~1\real bait hole.exe
2006-08-21 21:38:28 C:\WINDOWS\Tasks\jetAudio.job - C:\PROGRA~1\JetAudio\JetAudio.exe
2007-08-11 09:10:58 C:\WINDOWS\Tasks\Scheduled scanning task.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 14:42:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 14:44:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 14:43

--- E O F ---

Auttaja · Aug 11, 2007

Printtaa ohjeet ulos tai tallenna nämä tekstitiedostoon.

Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

Kun vikasietotilassa, tuplaklikkaa tiedostoa SmitfraudFix.exe
Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.

==========
myös uusi HJTlogi

BoNeLeZz · Aug 11, 2007

SmitFraudFix v2.210

Scan done at 23:06:43,35, la 11.08.2007
Run from C:\Documents and Settings\HP_Omistaja\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}"="calocarpum"

[HKEY_CLASSES_ROOT\CLSID\{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}\InProcServer32]
@="C:\WINDOWS\system32\czxtyx.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}\InProcServer32]
@="C:\WINDOWS\system32\czxtyx.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC032431-256B-443C-9290-414DFFFC8DC3}: DhcpNameServer=213.141.96.251 213.141.96.253
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC032431-256B-443C-9290-414DFFFC8DC3}: DhcpNameServer=213.141.96.251 213.141.96.253
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EC032431-256B-443C-9290-414DFFFC8DC3}: DhcpNameServer=213.141.96.251 213.141.96.253
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=213.141.96.251 213.141.96.253

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
___________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 23:14:22, on 11.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Documents and Settings\HP_Omistaja\Työpöytä\scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll (file missing)
O2 - BHO: (no name) - {74F59E40-8312-8BFA-33E6-6FAEEDC8DAA8} - C:\DOCUME~1\HP_OMI~1\APPLIC~1\01LITE~1\64 coal.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [hsf] C:\WINDOWS\hsf.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [flagrdrfivewma] C:\Documents and Settings\All Users\Application Data\thatdentflagrdr\ante surf.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\Instant Messenger Names\IM-svr.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [citydash] C:\DOCUME~1\HP_OMI~1\APPLIC~1\WAVEEX~1\Surf one.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/180solutions/ie/Bridge-c139.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://csweb.netgame.com/hero/MLauncher.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download/mgusamanagerv1001.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Auttaja · Aug 11, 2007

Avaa hijackthis merkkaa seuraavat rivi(t) ja paina fix checked, sulje muut ohjelmat siksi aikaa.

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll (file missing)
O2 - BHO: (no name) - {74F59E40-8312-8BFA-33E6-6FAEEDC8DAA8} - C:\DOCUME~1\HP_OMI~1\APPLIC~1\01LITE~1\64 coal.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [hsf] C:\WINDOWS\hsf.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
Unknown
O4 - HKLM\..\Run: [flagrdrfivewma] C:\Documents and Settings\All Users\Application Data\thatdentflagrdr\ante surf.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\Instant Messenger Names\IM-svr.EXE
O4 - HKCU\..\Run: [citydash] C:\DOCUME~1\HP_OMI~1\APPLIC~1\WAVEEX~1\Surf
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/...Bridge-c139.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fun...tup1.0.0.15.cab
Unknown
O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://csweb.netgame.com/hero/MLauncher.cab'

Tässä ohje miten merkataan:

=======

Avaa Notepad ja kopioi/liitä allaolevassa lainausboxissa oleva teksti sinne:

File::
C:\WINDOWS\Tasks\BAEA3A0B9CC5B8BB.job
C:\WINDOWS\hsf.exe
C:\WINDOWS\Dit.exe
Folder::
C:\Program Files\Instant Messenger Names
C:\DOCUME~1\HP_OMI~1\APPLIC~1\01LITE~1
c:\docume~1\hp_omi~1\applic~1\waveex~1
C:\Program Files\WinFixer_2005
C:\Documents and Settings\All Users\Application Data\thatdentflagrdr

Click to expand...

Tallenna se nimellä CFScript (Tarkista että on juuri noin kirjoitettu)

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

=========

myös uusi Hijackthislogi

BoNeLeZz · Aug 11, 2007

ComboFix 07-08-09.3 - "HP_Omistaja" 2007-08-12 1:04:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.494 [GMT 3:00]
Command switches used :: C:\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\Tasks\BAEA3A0B9CC5B8BB.job
C:\WINDOWS\hsf.exe
C:\WINDOWS\Dit.exe

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\HP_OMI~1\APPLIC~1\01LITE~1
c:\docume~1\hp_omi~1\applic~1\waveex~1
c:\docume~1\hp_omi~1\applic~1\waveex~1\65F67D88
c:\docume~1\hp_omi~1\applic~1\waveex~1\qtcwzyxw.exe
c:\docume~1\hp_omi~1\applic~1\waveex~1\SURF ONE.0XE
c:\docume~1\hp_omi~1\applic~1\waveex~1\SURF ONE.1XE
c:\docume~1\hp_omi~1\applic~1\waveex~1\tizrvkvg.exe
C:\Documents and Settings\All Users\Application Data\thatdentflagrdr
C:\Documents and Settings\All Users\Application Data\thatdentflagrdr\ante surf.exe
C:\Documents and Settings\All Users\Application Data\thatdentflagrdr\loadtrayabout
C:\Documents and Settings\All Users\Application Data\thatdentflagrdr\Manager Readme.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\Tasks\BAEA3A0B9CC5B8BB.job

((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))

2007-08-11 14:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 14:21 3,552 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-11 14:19 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-11 14:18 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-11 14:18 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-06 18:31 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
2007-08-06 12:14 <KANSIO> d-------- C:\DOCUME~1\HP_OMI~1\APPLIC~1\WinRAR
2007-08-06 10:59 <KANSIO> d-------- C:\WINDOWS\.jagex_cache_32
2007-08-01 00:42 <KANSIO> d-------- C:\Program Files\GALA-NET
2007-07-19 13:48 <KANSIO> d-------- C:\Program Files\Logitech
2007-07-19 13:48 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-06 18:37 --------- d-------- C:\Program Files\dna Nettiturva
2007-08-06 18:33 68882 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-08-06 18:33 363052 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-08-01 00:42 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-31 21:27 --------- d-------- C:\Program Files\Hernline
2007-06-12 14:21 --------- d-------- C:\Program Files\paketti1
2007-06-11 19:28 --------- d-------- C:\DOCUME~1\HP_OMI~1\APPLIC~1\Hamachi
2007-05-17 11:22 5187 --a------ C:\WINDOWS\mozver.dat
2007-05-16 18:14 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2006-06-29 21:04 155648 --------- C:\Program Files\Common Files\Y1220OA.0xe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-12 01:34]
"nwiz"="nwiz.exe" [2005-05-12 01:34 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 22:34]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 22:29]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 00:17]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 00:54]
"CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.exe" [2007-04-26 20:12]
"F-Secure TNB"="C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [2007-04-26 20:10]
"News Service"="C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" [2005-05-31 15:45]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 12:01]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-12 01:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 18:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 18:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 05:05]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 03:28:24]

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R1 AmdK8;AMD Athlon64 Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 F-Secure HIPS;F-Secure HIPS;\??\C:\Program Files\dna Nettiturva\HIPS\fshs.sys
R3 admjoy;Aureal Game Port Enumerator;C:\WINDOWS\system32\DRIVERS\admjoy.sys
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\dna Nettiturva\Anti-Virus\minifilter\fsgk.sys
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys
S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp\Fadpu16E.sys
S3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS
S3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
S3 QCMerced;Logitech QuickCam Messenger;C:\WINDOWS\system32\DRIVERS\LVCM.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
S3 XDva004;XDva004;\??\C:\WINDOWS\system32\XDva004.sys
S3 XDva005;XDva005;\??\C:\WINDOWS\system32\XDva005.sys
S3 XDva007;XDva007;\??\C:\WINDOWS\system32\XDva007.sys
S3 XTrapD12;XTrapD12;\??\C:\WINDOWS\system32\XTrapD12.sys
S4 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSfilter.sys
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\dna Nettiturva\Anti-Virus\Win2K\FSrec.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8616b78-8c6c-11db-95a9-00110912621f}]
AutoRun\command- L:\LaunchU3.exe -a

Contents of the 'Scheduled Tasks' folder
2006-08-21 21:38:28 C:\WINDOWS\Tasks\jetAudio.job - C:\PROGRA~1\JetAudio\JetAudio.exe
2007-08-11 09:10:58 C:\WINDOWS\Tasks\Scheduled scanning task.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 01:09:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 1:11:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 01:11
C:\ComboFix2.txt ... 2007-08-11 14:44

--- E O F ---
__________________________________________________________________

C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Omistaja\Työpöytä\scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download/mgusamanagerv1001.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Auttaja · Aug 11, 2007

Nonii nyt alkaa pikkuhiljaa näyttää puhtaalta

Moron!

=========

Avaa hijackthis merkkaa seuraavat rivi(t) ja paina fix checked, sulje muut ohjelmat siksi aikaa.

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)

Tässä ohje miten merkataan:

==========

Skannaa koneesi Ewido Online Scannerilla

* Lataa Ewido_micro.exe tästä.
* Tallenna tiedosto esimerkiksi työpöydälle.
* Tuplaklikkaa Ewido_micro.exeä työpöydälläsi.
* Ewido alkaa samantien päivittämään tunnisteitaan. Tässä voi mennä hetki.
* Kun päivitykset on ladattu, varmista että kaikki kohdat ovat rastitettuja ikkunan vasemmassa laidassa.
* Klikkaa vasemmalla alhaalla olevaa Start Scan -nappia.
* Scannaus alkaa. Tässä voi kestää jonkun aikaa, riippuen tiedostojen määrästä.
* Kun skannaus on valmis ja löytyneitä kohteita on, niin varmista, että kaikkien kohteiden vasemmalla puolella olevissa kohdissa on rastit.
* Klikkaa Save report -nappia ja tallenna raportti vaikka työpöydälle.
* Klikkaa Remove Infections -nappia.
* Kun vastaat aukeavaan ilmoitukseen ok, niin kaikki saastuneet tiedostot poistetaan.
* Poiston jälkeen voit sammuttaa Ewido Online Scannerin painamalla yläkulmassa olevaa punaista rastia.
* Käynnistä kone nyt uudelleen ja postita tallentamasi raportti viestiketjuusi
==========

Loistava ohje tietokoneeen nopeuttamiseksi

http://neko.1g.fi/ohje/hidastelua.html

==========

Lataa Deckard's System Scanner Työpöydällesi.

Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.

[*]Sulje kaikki avoimet ikkunat ja ohjelmat.
[*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
[*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
[*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
[*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.

ja ewido online skannerin raportti

BoNeLeZz · Aug 12, 2007

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@3.adbrite[1].txt
Risk: Medium

Name: TrackingCookie.Texttbnru
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@ad.text.tbn[2].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@ads.adbrite[2].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@burstnet[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@CA593FVZ.txt
Risk: Medium

Name: TrackingCookie.Statistik-gallup
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@CA6345SP.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@CAEFG3EJ.txt
Risk: Medium

Name: TrackingCookie.Wegcash
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@clickthrough.wegcash[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@data4.perf.overture[2].txt
Risk: Medium

Name: TrackingCookie.Msn
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@feedback.search.msn[1].txt
Risk: Medium

Name: TrackingCookie.Iinfo
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@k.iinfo[2].txt
Risk: Medium

Name: TrackingCookie.Komtrack
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@komtrack[2].txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@m.webtrends[2].txt
Risk: Medium

Name: TrackingCookie.Msn
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@search.msn[2].txt
Risk: Medium

Name: TrackingCookie.Skype
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@site.skype[1].txt
Risk: Medium

Name: TrackingCookie.Skype
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@skype[1].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@www.adbrite[1].txt
Risk: Medium

Name: TrackingCookie.Paypal
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@www.paypal[1].txt
Risk: Medium

Name: TrackingCookie.Saxobank
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@www.saxobank[1].txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: C:\Documents and Settings\HP_Omistaja\Cookies\hp_omistaja@yadro[1].txt
Risk: Medium

Name: Adware.Starware
Path: HKU\S-1-5-21-1105696572-157032948-980731481-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1}
Risk: Medium

Name: Adware.Starware
Path: HKU\S-1-5-21-1105696572-157032948-980731481-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5}
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.6:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statistik-gallup
Path: :mozilla.17:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statistik-gallup
Path: :mozilla.21:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.38:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.86:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.87:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.88:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.89:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.90:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.96:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.97:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.98:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.99:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.100:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.101:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.102:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.103:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.104:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.105:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.106:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.107:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.108:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.109:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.110:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.111:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.112:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.113:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.119:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.120:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.121:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.122:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.123:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.124:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.125:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.126:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.127:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.128:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.129:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.130:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.131:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.132:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.133:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.134:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.135:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.136:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.137:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.138:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.139:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.140:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.141:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.142:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.143:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.144:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.145:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.146:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.147:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.148:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.149:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.150:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.151:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.152:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.153:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.154:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.155:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.156:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.157:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: :mozilla.167:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: :mozilla.168:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.169:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.170:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.172:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.173:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.174:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.205:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.206:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.207:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.208:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.211:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.212:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.213:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.214:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.215:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.216:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.217:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.218:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.233:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.234:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.235:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.236:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.237:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.238:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.239:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.240:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.241:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.242:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.243:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.244:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.245:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.246:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.247:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.248:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.249:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.250:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.251:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.252:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.254:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.255:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.256:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.257:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.258:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.260:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.263:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.264:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.265:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.266:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.267:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.268:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.269:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.270:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.271:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.272:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.273:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.274:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.275:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.276:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.277:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.278:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.279:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.280:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.281:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.282:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.283:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.288:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.309:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.310:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.328:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.329:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.330:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.344:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.345:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.346:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.350:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.363:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.364:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Com
Path: :mozilla.421:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Com
Path: :mozilla.422:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Com
Path: :mozilla.423:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.463:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.478:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.487:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.488:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.489:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.490:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.491:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.492:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.493:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.494:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.499:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Paypal
Path: :mozilla.504:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.510:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.511:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.512:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.513:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.514:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: :mozilla.515:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: :mozilla.533:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: :mozilla.534:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: :mozilla.535:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.569:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitslink
Path: :mozilla.588:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.658:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sitestat
Path: :mozilla.682:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sitestat
Path: :mozilla.683:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.688:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.689:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.690:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.691:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.692:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.693:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: :mozilla.696:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.697:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.698:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.699:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.700:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: :mozilla.701:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Valuead
Path: :mozilla.702:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: :mozilla.721:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.739:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.759:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.776:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.777:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.778:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Dealtime
Path: :mozilla.779:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.791:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.792:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.795:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.796:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.798:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.812:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.813:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.814:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.854:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.855:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.856:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: :mozilla.872:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: :mozilla.877:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: :mozilla.878:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: :mozilla.881:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: :mozilla.882:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: :mozilla.883:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: :mozilla.884:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: :mozilla.885:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: :mozilla.886:C:\Documents and Settings\HP_Omistaja\Application Data\Mozilla\Firefox\Profiles\r1b12zie.default\cookies.txt
Risk: Medium

Name: Downloader.PurityScan.dc
Path: C:\Program Files\Common Files\Y1220OA.0xe
Risk: High

Name: Adware.Winfixer
Path: C:\QooBox\Quarantine\C\Program Files\Common Files\WinSoftware\FCrXML.dll.vir
Risk: Medium

Name: Adware.ErrorSafe
Path: C:\QooBox\Quarantine\C\Program Files\Common Files\WinSoftware\Prcheck.dll.vir
Risk: Medium

Name: Downloader.Zlob.ava
Path: C:\QooBox\Quarantine\C\Program Files\Video AX Object\SMMON.0XE.vir
Risk: High

Name: Downloader.Zlob.avb
Path: C:\QooBox\Quarantine\C\Program Files\Video AX Object\smunst.0xe.vir
Risk: High

Name: Downloader.Zlob.bsi
Path: C:\QooBox\Quarantine\C\Program Files\Video AX Object\spunst.0xe.vir
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.c
Path: C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UWFX5_0001_N56M0311NetInstaller.exe.vir
Risk: Low

Name: Adware.NewDotNet
Path: C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall6_38.exe.vir
Risk: Medium

Name: Adware.ErrorSafe
Path: C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP512\A0074280.dll
Risk: Medium

Name: Trojan.Renos.naw
Path: C:\WINDOWS\system32\czxtyx.0ll
Risk: High

____________________________________________________________________

Deckard's System Scanner v20070809.63
Run by HP_Omistaja on 2007-08-12 at 13:17:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
52: 2007-08-12 10:17:42 UTC - RP514 - Deckard's System Scanner Restore Point
51: 2007-08-11 22:04:44 UTC - RP513 - ComboFix created restore point
50: 2007-08-11 11:35:43 UTC - RP512 - ComboFix created restore point
49: 2007-08-11 11:09:19 UTC - RP511 - Removed Java(TM) SE Runtime Environment 6 Update 1
48: 2007-08-11 11:08:18 UTC - RP510 - Removed Java 2 Runtime Environment, SE v1.4.2_03

-- First Restore Point --
1: 2007-05-08 19:13:20 UTC - RP463 - Järjestelmän tarkistuspiste

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as HP_Omistaja.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:18:37, on 12.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\Program Files\dna Nettiturva\FSAUA\program\fsus.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\HP_Omistaja\Työpöytä\Deckard's System Scanner.exe
C:\DOCUME~1\HP_OMI~1\TYPYT~1\HP_Omistaja.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\dna nettiturva\fsps\program\fslsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download/mgusamanagerv1001.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S1 intelppm (Intel-suoritinohjain) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 catchme - c:\docume~1\hp_omi~1\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 Fadpu16E - c:\docume~1\hp_omi~1\locals~1\temp\fadpu16e.sys (file missing)
S3 XDva004 - c:\windows\system32\xdva004.sys (file missing)
S3 XDva005 - c:\windows\system32\xdva005.sys (file missing)
S3 XDva007 - c:\windows\system32\xdva007.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 Boonty Games - "c:\program files\common files\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless PCI 802.11b/g adapter WN4201B
Device ID: PCI\VEN_1260&DEV_3890&SUBSYS_42031113&REV_01\4&1C88B56&0&00A4
Manufacturer: Accton
Name: Wireless PCI 802.11b/g adapter WN4201B
PNP Device ID: PCI\VEN_1260&DEV_3890&SUBSYS_42031113&REV_01\4&1C88B56&0&00A4
Service: PRISM_A00

-- Scheduled Tasks -------------------------------------------------------------

2007-08-12 12:09:24 550 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job
2006-08-22 00:38:28 292 --a------ C:\WINDOWS\Tasks\jetAudio.job

-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-12 12:18:50 0 d-------- C:\Program Files\CCleaner
2007-08-11 14:21:45 3552 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-11 14:19:00 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-11 14:18:59 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-11 14:18:52 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-06 18:31:36 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2007-08-06 12:14:38 0 d-------- C:\Documents and Settings\HP_Omistaja\Application Data\WinRAR
2007-08-06 10:59:00 0 d-------- C:\WINDOWS\.jagex_cache_32
2007-08-01 00:42:45 0 d-------- C:\Program Files\GALA-NET
2007-07-19 13:48:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-07-19 13:48:09 0 d-------- C:\Program Files\Logitech

-- Find3M Report ---------------------------------------------------------------

2007-08-11 14:38:16 0 d-------- C:\Program Files\Common Files
2007-08-11 14:09:28 0 d-------- C:\Program Files\Java
2007-08-06 18:37:27 0 d-------- C:\Program Files\dna Nettiturva
2007-08-06 18:33:29 363052 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-08-06 18:33:29 68882 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-08-01 00:42:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-31 21:27:37 0 d-------- C:\Program Files\Hernline
2007-06-12 14:21:06 0 d-------- C:\Program Files\paketti1
2007-05-17 11:22:15 5187 --a------ C:\WINDOWS\mozver.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07.05.1998 19:04]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12.05.2005 01:34]
"nwiz"="nwiz.exe" [12.05.2005 01:34 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [29.06.2004 20:06 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [07.06.2004 22:34]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [07.06.2004 22:29]
"KBD"="C:\HP\KBD\KBD.EXE" [11.02.2003 22:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14.04.2004 23:43]
"PS2"="C:\WINDOWS\system32\ps2.exe" [26.10.2004 00:17]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [15.10.2004 00:54]
"CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [17.09.2003 10:43]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [11.05.2000 01:00]
"F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.exe" [26.04.2007 20:12]
"F-Secure TNB"="C:\Program Files\dna Nettiturva\FSGUI\TNBUtil.exe" [26.04.2007 20:10]
"News Service"="C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" [31.05.2005 15:45]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [25.07.2005 12:01]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12.05.2005 01:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [06.03.2006 18:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [06.03.2006 18:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19.01.2007 13:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 19:24]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [05.02.2007 05:05]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5.11.2004 3:28:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8616b78-8c6c-11db-95a9-00110912621f}]
AutoRun\command- L:\LaunchU3.exe -a

-- End of Deckard's System Scanner: finished at 2007-08-12 at 13:22:27 ---------
____________________________________________________________________

Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

CPU 0: AMD Athlon(tm) 64 Processor 3200+
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1022.48 MiB / 608.75 MiB
Pagefile Memory (total/avail): 2459.59 MiB / 2097.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1959.14 MiB

C: is Fixed (NTFS) - 179.33 GiB total, 88.41 GiB free.
D: is Fixed (FAT32) - 6.96 GiB total, 3.7 GiB free.
E: is CDROM (UDF)
F: is CDROM (UDF)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Fixed (NTFS) - 149.04 GiB total, 148.89 GiB free.

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: dna Nettiturva 7.00 v7.00 (F-Secure Corporation)
AV: dna Nettiturva 7.00 v7.00 (F-Secure Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Omistaja\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-B62381BA23
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Omistaja
LOGONSERVER=\\YOUR-B62381BA23
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_OMI~1\LOCALS~1\Temp
USERDOMAIN=YOUR-B62381BA23
USERNAME=HP_Omistaja
USERPROFILE=C:\Documents and Settings\HP_Omistaja
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

HP_Omistaja (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SB Live! 24-bit\Program\Ctzapxx.EXE" /U /S
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"News Service"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\dna Nettiturva\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 6.0.1 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
DC++ 0.694 --> "C:\Program Files\DC++\uninstall.exe"
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dna Nettiturva --> "C:\Program Files\dna Nettiturva\FSGUI\PostInstall.exe" /tUnInstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hamachi 1.0.2.2 --> C:\Program Files\Hamachi\uninstall.exe
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
Hernline --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7595CCFC-953D-4EF3-896F-6993A4013C60}\setup.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\HP_Omistaja\Työpöytä\HijackThis.exe /uninstall
Hotfix-päivitys Windows XP:lle (KB915865) --> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.5.3 --> C:\Program Files\HP\Digital Imaging\{D0420D64-8D33-4374-A2B2-9225C7925CA6}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photosmart -kamerat 4.0 --> C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HPIZplus450 --> MsiExec.exe /X{7B98685A-4E21-4A4F-A2D6-DC557042BADA}
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Explorer Secure Plug-in --> "C:\Program Files\Video AX Object\spunst.exe"
InterVideo DiscLabel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
jetAudio Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Logitech G-series Keyboard Software --> MsiExec.exe /X{5A080213-5AEC-4BF2-BB32-796EB0E421EC}
Logitech Gaming Software --> MsiExec.exe /X{FAAA508A-05C0-488B-BFC2-F9217E545A81}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Multi-Card Reader & Flash Disk --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9
My Web Search (Smiley Central) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsbar.dll,O
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Photosmart 320,370,7400,8100,8400 Series (fin) --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Rappelz_USA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E144A786-D2DD-428B-9C1A-0EE3FA3515EA}\setup.exe" -l0x9 -removeonly
Search Plugin --> C:\DOCUME~1\HP_OMI~1\APPLIC~1\WAVEEX~1\Surf one.exe -uninstall
Shareaza versio 2.2.5.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sound Blaster Live! 24-bit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{734BB64A-5A3D-4624-867D-6358B7068496}\SETUP.EXE" -l0x9
Starcraft Brood War (RAZOR 1911) --> C:\WINDOWS\rzrunins.exe C:\BROOD\rzrunins.lo1
Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

-- Application Event Log -------------------------------------------------------

Event ID #15919: Error
Event Submitted/Written: 08/12/2007 01:18:29 PM
Event Source: F-Secure Anti-Virus
Event Description:
1 2007-08-12 13:18:29+03:00 your-b62381ba23 YOUR-B62381BA23\HP_Omistaja F-Secure Anti-Virus
Spyware detected:
Type: adware
Family:
Name: AdWare.Win32.NewDotNet
Object: C:\Documents and Settings\HP_Omistaja\Työpöytä\NNuninstall.exe

Event ID #15912: Success
Event Submitted/Written: 08/12/2007 01:13:27 PM
Event Source: usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event ID #15907: Warning
Event Submitted/Written: 08/12/2007 01:10:55 PM
Event Source: Userenv
Event Description:
Windows tallensi käyttäjän YOUR-B62381BA23\HP_Omistaja rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.

Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

Event ID #15906: Error
Event Submitted/Written: 08/12/2007 00:59:09 PM
Event Source: F-Secure Anti-Virus
Event Description:
49 2007-08-12 12:59:09+03:00 your-b62381ba23 YOUR-B62381BA23\HP_Omistaja F-Secure Anti-Virus
Manual scanning was finished - spyware was found in the system.

Event ID #15905: Error
Event Submitted/Written: 08/12/2007 00:50:36 PM
Event Source: F-Secure Anti-Virus
Event Description:
48 2007-08-12 12:50:36+03:00 your-b62381ba23 YOUR-B62381BA23\HP_Omistaja F-Secure Anti-Virus
Spyware detected:
Type: riskware
Family:
Name: RiskTool.Win32.PsKill
Object: C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP513\A0074516.exe

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event ID #29025: Error
Event Submitted/Written: 08/12/2007 01:06:46 AM
Event Source: Service Control Manager
Event Description:
Palvelua combofix ei voi käynnistää. Virhekoodi on
%%1053

Event ID #29024: Error
Event Submitted/Written: 08/12/2007 01:06:46 AM
Event Source: Service Control Manager
Event Description:
Aikakatkaisu (30000 ms) odottaa palvelun combofix yhdistymistä.

Event ID #28995: Error
Event Submitted/Written: 08/11/2007 11:10:13 PM
Event Source: DCOM
Event Description:
DCOM vastaanotti virheen "%%1084" yrittäessään käynnistää palvelun EventSystem argumenteilla ""
suorittaakseen palvelinosan:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event ID #28994: Error
Event Submitted/Written: 08/11/2007 11:10:04 PM
Event Source: DCOM
Event Description:
DCOM vastaanotti virheen "%%1084" yrittäessään käynnistää palvelun StiSvc argumenteilla ""
suorittaakseen palvelinosan:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event ID #28993: Error
Event Submitted/Written: 08/11/2007 11:09:51 PM
Event Source: DCOM
Event Description:
DCOM vastaanotti virheen "%%1084" yrittäessään käynnistää palvelun netman argumenteilla ""
suorittaakseen palvelinosan:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

-- End of Deckard's System Scanner: finished at 2007-08-12 at 13:22:27 ---------

Auttaja · Aug 12, 2007

hyvä

täll voit viel tarkistaa jos jaksat

Kaspersky online-skanneri

Skannaa koneesi Kaspersky Online Skannerilla

Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.
[*] Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
[*] Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
[*] Klikkaa nyt asetuksia, Scan Settings
[*] Tarkista asetuksista, että seuraavat ovat valittuina:

o Scan using the following Anti-Virus database:

+ Extended (Jos valittavissa, muuten valitse Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

[*] Klikkaa OK
[*] Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
[*] Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
[*] Klikkaa nyt Save as Text-painiketta.
[*] Tallenna tiedosto työpöydällesi.
[*] Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.

jos et..

Pysy puhtaana

-> Tyhjennä järjestelmänpalautus Ohjeet
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.

-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.

-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas

-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin.
Opas saatavilla suomeksi! Nimimerkki Axelin opas

-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.

-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti.

-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.
ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm

->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.

->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI

Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa Hijackthis-logia tarkistettavaksi!

BoNeLeZz · Aug 12, 2007

kthxbye
E: mistä löytyy toi 2. Valitse Properties/ominaisuudet?

BoNeLeZz · Aug 12, 2007

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Hujo · Aug 14, 2007

Poista tuo lisää poista sovelutuksesta

My Web Search

==================

Lataa Dr.Web CureIt työpöydälle:

Tuplaklikkaa drweb-cureit.exe ja anna sen tehdä express scan
Se skannaa käynnissä olevat ohjelmat ja jos jotain löytyy, klikkaa yes kun se kysyy haluatko poistaa sen. Tämä on vain lyhyt scan.
Kun scan on valmis, merkkaa asemat, jotka haluat scannata.
Valitse kaikki asemat. Punainen piste osoittaa, mitkä asemat on valittu.
Klikaa vihreää nuolta oikealla ja scan alkaa.
Klikkaa 'Yes to all', jos kysytään haluatko poistaa/siirtää tiedoston.
Kun scan on valmis, katso voitko klikata next-kuvaketta löytyneiden tiedostojen vieressä:
Jos asia on niin, klikkaa sitä ja sitten klikkaa next-kuvaketta oikealla alhaalla ja valitse Move incurable kuten alla olevalla kuvassa:

Tämä siirtää sen %userprofile%\DoctorWeb\quarantine-hakemistoon.
Tämän jälkeen klikkaa Dr.Web CureIt-valikossa file ja valitse save report list
Tallenna raportti työpöydälle. Raportin nimi on DrWeb.csv
Sulje Dr.Web Cureit.
Käynnistä kone uudelleen !! Tämä siksi, että käytössä olevat tiedostot poistetaan/siirretään käynnistyksen yhteydessä.
Käynnistyksen jälkeen liitä Dr.Web-lokin, jonka tallensit aiemmin, sisältö seuraavaan vastaukseesi.

Log in or Sign up

F-Secure ei poista. + logi

BoNeLeZz Member

Auttaja Guest

BoNeLeZz Member

BoNeLeZz Member

Auttaja Guest

BoNeLeZz Member

Auttaja Guest

BoNeLeZz Member

Auttaja Guest

BoNeLeZz Member

Auttaja Guest

BoNeLeZz Member

Auttaja Guest

BoNeLeZz Member

BoNeLeZz Member

Hujo Guest

Share This Page

Log in or Sign up

F-Secure ei poista. + logi

BoNeLeZz Member

Auttaja Guest

BoNeLeZz Member

BoNeLeZz Member

Auttaja Guest

BoNeLeZz Member

Auttaja Guest

BoNeLeZz Member

Auttaja Guest

BoNeLeZz Member

Auttaja Guest

BoNeLeZz Member

Auttaja Guest

BoNeLeZz Member

BoNeLeZz Member

Hujo Guest

Share This Page

Useful Searches