HJT. Löytyykö mitään?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:41, on 14.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wupeng.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/?s=lightningst...1&bd2=51&bd3=180&ipc=FI&sd1=58&sd2=60&sd3=207
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Plaza Oy
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [VirtualMDAClient] C:\Documents and Settings\Teija Silvennoinen\VirtualMDA.exe
O4 - HKLM\..\Run: [FSCBoss] C:\Program Files\FSCBoss\FSCBoss.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\Run: [_WinMain] C:\WINDOWS\winexec.exe
O4 - HKLM\..\Run: [Piolet] C:\PROGRA~1\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [Winupdate Engine] C:\WINDOWS\system32\wupeng.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [JyvePro] C:\Program Files\Jyve\JyvePro\JyvePro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060511/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://66.171.196.82:50000/SysCamInst.cab
O16 - DPF: {35B9DBE4-5284-46B3-9E0F-919364B22F02} (Test Class) - http://adult.www.worldgroups.com/atlweb1.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135158772859
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/hVideoContol.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O24 - Desktop Component 0: (no name) - http://www.nordea.fi/s/files/gifs/p_logo.gif

--
End of file - 10238 bytes

 

moi
Poista lisää/poista sovelluksen kautta AskTBar

Poista kansio C:\Program Files\AskTBar


Tee uusi hjt-scannaus Do a System scan only
Sulje kaikki muut ikkunat ja selaimen.Merkkaa nämä rivit ja paina Fix checked

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [_WinMain] C:\WINDOWS\winexec.exe
O4 - HKLM\..\Run: [Winupdate Engine] C:\WINDOWS\system32\wupeng.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZNfox000
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)


1. Lataa combofix.exe työpöydällesi mistä tahansa alla olevasta linkistä:
Linkki 1
Linkki 2
Linkki 3

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi + uusi hjt-loki.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

 

Tein niinku käskit. Täs ois nää logit...

ComboFix 08-01-18.4 - Teija Silvennoinen 2008-01-18 8:31:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.208 [GMT 2:00]
Running from: C:\Documents and Settings\Teija Silvennoinen\Työpöytä\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\Starware316
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\related.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316
C:\Documents and Settings\Joni\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Joni\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\Joni\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\Joni\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Joni\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\Joni\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Joni\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Joni\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\Joni\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\Joni\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Hotbar
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtone.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbarcom.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_idx.idx
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_sdf.sdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar10.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar11.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar12.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar13.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar14.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar2.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar3.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar4.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar5.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar6.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar7.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar8.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar9.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_x.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_ringtone.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbarcom.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_idx.idx
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_sdf.sdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\Teija Silvennoinen\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Program Files\MalwareCrush
C:\Program Files\MalwareCrush\ignored.lst
C:\Program Files\MalwareCrush\MalwareCrush.exe
C:\Program Files\MalwareCrush\mc.ini
C:\WINDOWS\Downloaded Program Files.\hotbar.inf
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\cfg.dat
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\MabryObj.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2007-12-18 to 2008-01-18 )))))))))))))))))
.

2008-01-18 08:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 08:17 . 2007-05-04 20:18 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-01-17 12:34 . 2008-01-17 12:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-17 12:28 . 2008-01-17 12:29 <KANSIO> d-------- C:\Program Files\CCleaner
2008-01-07 14:08 . 2008-01-18 08:39 <KANSIO> d-------- C:\Program Files\Trojan Remover
2008-01-07 14:08 . 2008-01-07 14:08 <KANSIO> d-------- C:\Documents and Settings\Teija Silvennoinen\Application Data\Simply Super Software
2008-01-07 14:08 . 2008-01-07 14:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-07 14:08 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-07 14:08 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-01-07 14:08 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-07 14:08 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-07 14:08 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-07 13:57 . 2008-01-07 13:57 <KANSIO> dr------- C:\Documents and Settings\NetworkService\Suosikit
2008-01-07 12:09 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-01-07 12:09 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-01-07 12:09 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-01-07 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-01-07 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-01-07 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-01-07 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-01-07 12:08 . 2008-01-07 12:08 <KANSIO> d-------- C:\Program Files\Sygate
2008-01-07 10:43 . 2008-01-07 10:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-07 10:43 . 2008-01-07 10:47 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-07 10:41 . 2008-01-07 12:01 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-07 10:40 . 2008-01-07 12:01 <KANSIO> d-------- C:\WINDOWS\Internet Logs
2008-01-07 10:21 . 2008-01-07 10:33 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer
2008-01-05 13:48 . 2008-01-05 13:48 12,288 --a------ C:\WINDOWS\system32\wupeng.exe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 06:40 --------- d-----w C:\Documents and Settings\Teija Silvennoinen\Application Data\Skype
2008-01-17 11:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-17 10:28 --------- d-----w C:\Program Files\Yahoo!
2008-01-07 10:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 15:17 --------- d-----w C:\Documents and Settings\Teija Silvennoinen\Application Data\OpenOffice.org2
2007-12-08 05:37 --------- d-----w C:\Documents and Settings\Teija Silvennoinen\Application Data\gtk-2.0
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-30 13:46 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-23 00:19 15,180,000 ----a-w C:\Program Files\gimp-2.4.2-i686-setup.exe
2003-04-25 12:00 94,800 --sh--w C:\WINDOWS\twain.dll
2004-09-14 23:11 50,688 --sh--w C:\WINDOWS\twain_32.dll
2007-07-31 11:27 88 --sh--r C:\WINDOWS\system32\5AA3383D26.sys
2007-07-31 11:27 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-09-14 23:11 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2007-05-17 11:30 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-09-14 23:11 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-09-14 23:12 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
.

(((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 12:49 4670968]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"JyvePro"="C:\Program Files\Jyve\JyvePro\JyvePro.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 08:27 153136]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 14:59 57344 C:\WINDOWS\SOUNDMAN.EXE]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 11:33 299008]
"CleanEasyImg"="c:\apps\easydvd\cleanall.exe" [ ]
"mswspl"="" []
"VirtualMDAClient"="C:\Documents and Settings\Teija Silvennoinen\VirtualMDA.exe" [ ]
"FSCBoss"="C:\Program Files\FSCBoss\FSCBoss.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-16 09:56 180269]
"Instant Buzz Daemon"="C:\Program Files\Instant Buzz\IBDaemon.exe" [ ]
"Piolet"="C:\PROGRA~1\Piolet\Piolet.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-21 11:38 282624]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"trioService"="C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe" [ ]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-25 13:33 735824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12 15360]

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 09:48]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 17:07]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 12:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
'Ajoitetut teht„v„t'-kansion sis„lt”
"2007-12-14 07:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 08:40:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 8:42:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-18 06:42:29
.
2008-01-12 04:04:35 --- E O F ---



Ja HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:23, on 18.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [VirtualMDAClient] C:\Documents and Settings\Teija Silvennoinen\VirtualMDA.exe
O4 - HKLM\..\Run: [FSCBoss] C:\Program Files\FSCBoss\FSCBoss.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\Run: [Piolet] C:\PROGRA~1\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [JyvePro] C:\Program Files\Jyve\JyvePro\JyvePro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060511/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://66.171.196.82:50000/SysCamInst.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {35B9DBE4-5284-46B3-9E0F-919364B22F02} (Test Class) - http://adult.www.worldgroups.com/atlweb1.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135158772859
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/hVideoContol.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O24 - Desktop Component 0: (no name) - http://www.nordea.fi/s/files/gifs/p_logo.gif

--
End of file - 8721 bytes

 

jatketaan...

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa CFScript ComboFix.exeen kuten alla.



Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.


Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi.
*Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
*Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
*Käynnistä AVG Anti-Spyware.
*Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
*Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

*Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
*Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
*Sitten "Reports" valikon alta:
*Ota täppi pois kohdasta "Do not Automatically generate report"
*Ota täppi pois kohdasta"Only if threats were found"

*Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
*"Resident shield is", muuta tila active:sta inactive:ksi
*Sulje ohjelma, ÄLÄ skannaa vielä.
Käynnistä koneesi vikasietotilaan, Ohje!

HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
*Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
*Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
*AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
*Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
*Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"

*Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
*Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
*Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG Anti-Spyware:n raportti viestikejuusi.

Lähetä combon loki ja avg-loki ja uusi hjt-loki

 

Kas tässä tää Conbofix:in tulos.

ComboFix 08-01-18.4 - Teija Silvennoinen 2008-01-21 8:36:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.183 [GMT 2:00]
Running from: C:\Documents and Settings\Teija Silvennoinen\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Teija Silvennoinen\Omat tiedostot\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\System32\msmc.exe
C:\WINDOWS\system32\wupeng.exe
C:\WINDOWS\winexec.exe
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wupeng.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-12-21 to 2008-01-21 )))))))))))))))))
.

2008-01-18 08:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 12:34 . 2008-01-17 12:34 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-17 12:28 . 2008-01-17 12:29 <KANSIO> d-------- C:\Program Files\CCleaner
2008-01-07 14:08 . 2008-01-21 07:41 <KANSIO> d-------- C:\Program Files\Trojan Remover
2008-01-07 14:08 . 2008-01-07 14:08 <KANSIO> d-------- C:\Documents and Settings\Teija Silvennoinen\Application Data\Simply Super Software
2008-01-07 14:08 . 2008-01-07 14:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-07 14:08 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-07 14:08 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-01-07 14:08 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-07 14:08 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-07 14:08 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-07 13:57 . 2008-01-07 13:57 <KANSIO> dr------- C:\Documents and Settings\NetworkService\Suosikit
2008-01-07 12:09 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-01-07 12:09 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-01-07 12:09 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-01-07 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-01-07 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-01-07 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-01-07 12:09 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-01-07 12:08 . 2008-01-07 12:08 <KANSIO> d-------- C:\Program Files\Sygate
2008-01-07 10:43 . 2008-01-07 10:43 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-07 10:43 . 2008-01-07 10:47 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-07 10:41 . 2008-01-07 12:01 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-07 10:40 . 2008-01-07 12:01 <KANSIO> d-------- C:\WINDOWS\Internet Logs
2008-01-07 10:21 . 2008-01-07 10:33 <KANSIO> d-------- C:\Program Files\EMCO Malware Destroyer

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 05:42 --------- d-----w C:\Documents and Settings\Teija Silvennoinen\Application Data\Skype
2008-01-18 08:56 --------- d-----w C:\Documents and Settings\Teija Silvennoinen\Application Data\OpenOffice.org2
2008-01-17 11:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-17 10:28 --------- d-----w C:\Program Files\Yahoo!
2008-01-07 10:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 05:37 --------- d-----w C:\Documents and Settings\Teija Silvennoinen\Application Data\gtk-2.0
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-30 13:46 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-23 00:19 15,180,000 ----a-w C:\Program Files\gimp-2.4.2-i686-setup.exe
2007-11-07 09:28 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 722,432 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:26 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:56 8,458,752 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 07:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 07:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2003-04-25 12:00 94,800 --sh--w C:\WINDOWS\twain.dll
2004-09-14 23:11 50,688 --sh--w C:\WINDOWS\twain_32.dll
2007-07-31 11:27 88 --sh--r C:\WINDOWS\system32\5AA3383D26.sys
2007-07-31 11:27 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-09-14 23:11 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2007-05-17 11:30 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-09-14 23:11 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-09-14 23:12 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-18_ 8.42.00.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-18 06:31:08 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-21 06:36:18 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-18 06:31:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-21 06:36:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-18 06:31:08 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-21 06:36:19 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-18 06:31:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-21 06:36:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-18 06:31:08 7,532,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-21 06:36:19 7,548,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-18 06:31:09 258,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-21 06:36:19 258,048 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-21 05:40:36 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_570.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 12:49 4670968]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"JyvePro"="C:\Program Files\Jyve\JyvePro\JyvePro.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 08:27 153136]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 14:59 57344 C:\WINDOWS\SOUNDMAN.EXE]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10 335872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 11:33 299008]
"CleanEasyImg"="c:\apps\easydvd\cleanall.exe" [ ]
"VirtualMDAClient"="C:\Documents and Settings\Teija Silvennoinen\VirtualMDA.exe" [ ]
"FSCBoss"="C:\Program Files\FSCBoss\FSCBoss.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-16 09:56 180269]
"Instant Buzz Daemon"="C:\Program Files\Instant Buzz\IBDaemon.exe" [ ]
"Piolet"="C:\PROGRA~1\Piolet\Piolet.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-21 11:38 282624]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"trioService"="C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe" [ ]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-25 13:33 735824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12 15360]

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 09:48]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 17:07]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 12:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-01-18 07:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 08:38:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 8:39:57
ComboFix-quarantined-files.txt 2008-01-21 06:39:35
ComboFix2.txt 2008-01-18 06:42:47
.
2008-01-12 04:04:35 --- E O F ---


Ja nyt jatkan sitten vikasietotilaan...

 

Tässäpä AVG- loki

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:19:09 21.1.2008

+ Scan result:



C:\WINDOWS\bsx32 -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3ABSPLAT.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3ACCUQ.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3AMERS.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3ASKNOW2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3CARQ.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3CARQ2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3CCB.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3CHOCPBMM.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3CHRISMORT.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3CREDITCARD.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3DIRTYH.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3ENDOMET.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3FREECS.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3FREEIPOD.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3FREEIPOD2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3FREEXBOX.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3HAIRLOSS.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3HYDRO.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3KAN1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3KAN10.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3KAN11.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3KAN12.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3KAN2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3KAN6.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3KAN7.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3LEXREPAIR.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3LMORON.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3LOWRATE.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3MYDISH.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3MYINKS.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3NETFLIX2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3ODYSSEY.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3PARTYPOKER.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3PASSION.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3PCHSWEEPS.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3POP.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3SPORTSINT.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3SUPERIOR.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI3WEIGHTL.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI4AFF.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASI5AFF.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASICLRE.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIEPRE.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIPP.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIRCPRE.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASISS2RE.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASISSRE.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\EECH1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\MYGEEK.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\SPECAUTO.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\SPECENTER.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\SPZ3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPC.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPD.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPE.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPF.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPFAM.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPFI.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPFIN.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPG.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPH.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPHL.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPJ.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPM.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPMTV.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPN.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPR.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPS.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPSHOP.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPSP.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMPW.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKU\S-1-5-21-2084665824-2935464171-2662393370-1005\Software\CashFiesta -> Adware.CashFiesta : Cleaned with backup (quarantined).
HKU\S-1-5-21-2084665824-2935464171-2662393370-1005\Software\CashFiesta\Cashfiesta -> Adware.CashFiesta : Cleaned with backup (quarantined).
HKU\S-1-5-21-2084665824-2935464171-2662393370-1005\Software\CashFiesta\Cashfiesta\Config -> Adware.CashFiesta : Cleaned with backup (quarantined).
HKU\S-1-5-21-2084665824-2935464171-2662393370-1005\Software\CashFiesta\Cashfiesta\Install -> Adware.CashFiesta : Cleaned with backup (quarantined).
HKU\S-1-5-21-2084665824-2935464171-2662393370-1005\Software\CashFiesta\Cashfiesta\Update -> Adware.CashFiesta : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195416.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195428.exe -> Adware.RK : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1191\A0194860.exe -> Downloader.Agent.eyv : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.74:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.75:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.80:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.6:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.28:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.48:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.38:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.39:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.40:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.41:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.42:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.43:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.44:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.45:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.27:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.10:C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\t1byqd7f.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.11:C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\t1byqd7f.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.12:C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\t1byqd7f.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\oaiih0fl.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.8:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\oaiih0fl.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.97:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.9:C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\t1byqd7f.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.64:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.87:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.91:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Teija Silvennoinen\Cookies\teija_silvennoinen@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.8:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\8hb8lyek.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Joni\Cookies\joni@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.


::Report end



Ja sitten vielä HJT- loki

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:59, on 21.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [VirtualMDAClient] C:\Documents and Settings\Teija Silvennoinen\VirtualMDA.exe
O4 - HKLM\..\Run: [FSCBoss] C:\Program Files\FSCBoss\FSCBoss.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\Run: [Piolet] C:\PROGRA~1\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\Living 3D Dolphins\trioService.exe "
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [JyvePro] C:\Program Files\Jyve\JyvePro\JyvePro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060511/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://66.171.196.82:50000/SysCamInst.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {35B9DBE4-5284-46B3-9E0F-919364B22F02} (Test Class) - http://adult.www.worldgroups.com/atlweb1.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135158772859
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/hVideoContol.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by7fd.bay7.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O24 - Desktop Component 0: (no name) - http://www.nordea.fi/s/files/gifs/p_logo.gif

--
End of file - 9188 bytes


Tästähän tulikin aikamoinen projekti...

 

Skannaa koneesi Kaspersky Online Skannerilla
Käytä Internet Explorer
Sinulta kysytään sallitko ActiveX -komponentin asentamisen Kasperskyltä, klikkaa Kyllä.

• Ohjelma käynnistyy ja aloittaa viimeisimpien tunnistetiedostojen lataamisen.
• Kun skanneri on asennettu ja tunnistetiedot ladattu, klikkaa Next.
• Klikkaa nyt asetuksia, Scan Settings
• Tarkista asetuksista, että seuraavat ovat valittuina:
  
  o Scan using the following Anti-Virus database:
  
  + Extended (Jos valittavissa, muuten valitse Standard)
  
  o Scan Options:
  
  + Scan Archives
  + Scan Mail Bases
  
• Klikkaa OK
• Nyt valitse "select a target to scan" otsikon alta Oma Tietokone, My Computer
• Skannaus vie aikaa, joten ole kärsivällinen. Kun skannaus on valmis saat ilmoituksen, jos koneesi on saastunut.
• Klikkaa nyt Save as Text-painiketta.
• Tallenna tiedosto työpöydällesi.
• Kopioi ja Liitä tiedoston sisältö seuraavaan vastaukseesi.

 

Nyt tuli probleema. Kapersky kyllä skannas ja löysikii viruksia, mutta se jymähti! Ilmotti vaan että sivulla tapahtunut virhe?? Laitoin sen nyt toisen kerran skannaamaan, mut näyttää sille ettei se löydä niitä viruksia mitä aikasemmin.

Joo-o. Se ei anna raporttia minkä sais tallennettua. Mitäs nyt!?

 

Tällasen mie sain siitä irti.


Welcome to the Kaspersky Online Scanner! Use it to scan your PC for viruses and other malware for free
Warning: if you have installed Kaspersky Online Scanner Pro, please manually uninstall it using "Add/Remove Programs" before installing this version! Otherwise this version will not function correctly.

Benefits:


Kaspersky Anti-Virus exceptional detection rates and thorough scanning
Hourly AV database updates available each time the Online Scanner is launched
Heuristic analysis to detect unknown viruses
Simple installation (just click on a link)

Requirements and limitations:


When using this service for the first time, you have to run with Administrator privileges in order to install the product. Also, you will need to download and install files about 400 KB in size followed by 9 MB of virus definitions.
However, if you use the Online Scanner again, you will only need to download the files that have been updated since your last scan.
The Online Scanner service offered by Kaspersky Lab uses Microsoft ActiveX technology. Microsoft ActiveX Technology and the Kaspersky Online Scanner work only with MS Internet Explorer 6.0 or higher.
We cannot guarantee that the Online Scanner will function correctly if you are using any other browser or any Internet Explorer extensions (such as AvantBrowser). If you use a different browser, you can use the Kaspersky File Scanner to scan individual files.
The free Kaspersky Online Scanner does not scan boot sectors and MBRs, so it cannot detect malicious code located in these areas.
Please note: The free Kaspersky Online Scanner does not protect against malicious code, and cannot prevent future infections. It only detects malware that has already penetrated your computer. We strongly recommend that you install a full antivirus solution to protect your system.

Privacy statement:

The Kaspersky Online Scanner will collect information about the malicious programs found on your computer during the scanning process. The information will be sent to the Kaspersky Virus Lab for statistical purposes. No personal information about you or specific information about your system will be collected or transmitted to Kaspersky Lab.











Select: All, None, Suspicious Selected objects: 0




Scan settings:
Here you can configure the scanning process.

Scan using the following antivirus database:
standard - detect viruses, worms, Trojans, rootkits
extended - protect your computer from Spyware, adware, dialers and potentially dangerous software such as remote access utilities, prank programs and jokes. We do not recommend this option to beginners or inexperienced users.

Scan options:
Scan Archives - scan files inside archives
Note: affects all targets except 'A File...' scan target.
Scan Mail Bases - scan e-mails/attachments inside mail base files
Note: affects all targets except 'My Email' and 'A File...' scan targets.







Initialize Kaspersky Online Scanner
(downloading and installing Kaspersky Online Scanner ActiveX from the server into your computer)




Update Kaspersky Anti-Virus Databases [100%]:
(downloading and installing the latest Kaspersky Anti-Virus Databases)




Please wait to update the virus definitions...
Downloading from url: http://dnl-eu6.kaspersky-labs.com
Downloading remote file: master.xml
Update finished. Ready to scan.
Next
Please select a target to scan:
You can configure the scanning process by pressing "Scan Settings" button.



Critical Areas
scan critical areas of your hard disks
specified in %windir% and %tmp% system variables
Memory
scan disk modules of running processes
My Computer
scan all your hard and mapped disks
My Email
scan all your hard and mapped disks only for the following extensions: *.PST; *.MSG; *.OST; *.MDB; *.DBX; *.EML; *.MBS
Folders...
scan selected folders
A File...
scan a one file





Warning: The Kaspersky Online Scanner may not run successfully while any other Anti-Virus software is running. If you have Anti-Virus software installed, please disable your AV protection before running the Kaspersky Online Scanner.
Selected target: My Computer
Source: A:\; C:\; D:\; H:\; I:\;


Report is empty.
Please note: The free Kaspersky Online Scanner does not provide comprehensive protection and cannot prevent future infections. It only detects malware that has already penetrated your storage devices. We strongly recommend that you use a fully-functional antivirus solution to protect your computer at all times.

Please wait, this process may take a long time depending on the selected target. If you want to continue browsing, open a new window.

Scan Progress [99%]:





Total number of scanned objects: 54558
Number of viruses found: 10
Number of infected objects: 45
Number of suspicious objects: 0
Duration of the scan process: 00:58:53
Stop Scan








Get a Free Trial


Buy Kaspersky Anti-Virus


Help


Virus Encyclopedia


Kaspersky Lab






Product Info
You have Kaspersky Online Scanner version 5.0.98.0 installed. The current anti-virus database was released on Tuesday, January 22, 2008 and contains 526417 records.

System Info
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)Please wait while the Kaspersky Online Scanner is initializing and updating...








Copyright (C) Kaspersky Lab 1997 - 2007
Portions Copyright (C) Lan Crypto

 

No nii! Jo alko Lyyti kirjottaa ja kolmas kerta toden sanoo. Tässä tää murheenkryyni ny on.


KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 22, 2008 3:09:43 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/01/2008
Kaspersky Anti-Virus database records: 526598
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
H:\
I:\
Scan Statistics
Total number of scanned objects 54607
Number of viruses found 10
Number of infected objects 41
Number of suspicious objects 0
Duration of the scan process 00:57:10

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\Local Settings\Application Data\Identities\{9E414DE5-8868-45E1-96A4-F559706D665E}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\Local Settings\Application Data\Identities\{9E414DE5-8868-45E1-96A4-F559706D665E}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\Local Settings\Sivuhistoria\History.IE5\MSHist012008012220080123\index.dat Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\ntuser.dat Object is locked skipped
C:\Documents and Settings\Teija Silvennoinen\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Taustasuojaus.txt Object is locked skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\MalwareCrush\MalwareCrush.exe.vir Infected: not-a-virus:FraudTool.Win32.MalwareCrush.a skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wupeng.exe.vir Infected: Trojan-Downloader.Win32.Agent.hat skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1191\A0194863.exe Infected: not-a-virus:FraudTool.Win32.MalwareCrush.a skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1192\A0194935.exe/data0006 Infected: not-a-virus:FraudTool.Win32.MalwareCrush.a skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1192\A0194935.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195412.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195413.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195414.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195415.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195417.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195418.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195419.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195420.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195422.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195423.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195424.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195425.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195426.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195427.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195429.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195430.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195431.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195432.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195433.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195434.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1195\A0195435.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1196\A0195449.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1196\A0195452.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1196\A0195453.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1197\A0195457.exe Infected: not-a-virus:FraudTool.Win32.MalwareCrush.a skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1197\A0195511.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.az skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1198\A0195550.exe Infected: Trojan-Downloader.Win32.Agent.hat skipped
C:\System Volume Information\_restore{9E4574A8-9287-4DF8-9874-671EE0C7ED40}\RP1199\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\RESTORE.INS/C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
C:\WINDOWS\RESTORE.INS ARJ: infected - 1 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system\RESTORE.INS/C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
C:\WINDOWS\system\RESTORE.INS ARJ: infected - 1 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mi2.exe/WISE0045.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\WINDOWS\system32\mi2.exe/WISE0045.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\WINDOWS\system32\mi2.exe/WISE0045.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\WINDOWS\system32\mi2.exe WiseSFX: infected - 3 skipped
C:\WINDOWS\system32\mi2.exe WiseSFXDropper: infected - 3 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_578.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

 

moi
poista kansio ja poista jos löytyy samanniminen tiedosto(voi löytyä molempia)
C:\WINDOWS\system32\mi2.exe

Seuraavaksi poistamme kaikki käytetyt työkalut.

Lataa OTMoveIt ja tallenna se työpöydällesi.

*TuplaklikkaaOTMoveIt.exe.
*Klikkaa CleanUp!.
*Valitse Yes kun kysytään "Begin cleanup Process?".
*Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.
*OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.


HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.


vielä ongelmia???

 

Eipä tässä enää onkelmia oo ja toivotaan ettei tulekkaan. ISO kiitos siulle, että jaksoit minnuu neuvoa! Jatkoja!

 

OK
tässä vielä yksi juttu ja lisävinkki

Putsaa järjestelmän palautus:

1. Klikkaa oikealla oma tietokone-kuvaketta (hiiren oikealla napilla)
2. Valitse ominaisuudet (alin vaihtoehto)
3. Valitse järjestelmän palauttaminen välilehti
4. Valitse poista järjestelmän palauttaminen käytöstä (laita ruksi)
5. Paina käytä
6. Paina OK
7. Käynnistä kone uudelleen
8. Palauta asetukset takaisin(ota ruksi pois)




Pysy Puhtaana !

Käytä Firefox
Firefox on nopeampi turvallisempi selain kuin Internet Explorer
Lataa Firefox

Asenna Hosts-tiedosto
Hosts-tiedosto estää haitalliset internet-osoitteet
Lataa Hosts-tiedosto
Opas!

Asenna AVG Anti-Spyware
AVG Anti-Spyware poistaa haittaohjelmia ja puhdistaa myös rekisteriä
Lataa AVG Anti-Spyware
Opas!

Asenna Ccleaner
Ccleaner puhdistaa väliaikaistiedostot ja rekisteriä
Lataa Ccleaner
Opas!

Asenna SpywareBlaster
SpywareBlaster estää haittaohjelmien asentumista koneelle
Lataa SpywareBlaster
Opas!

Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste.
Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.
Opas!

Pidä järjestelmäsi ajantasalla
Windows Update

Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.


Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.

Taistele vastaan!!--> Malware Complaints
Sivusto antaa haittaohjelmien uhreille mahdollisuuden kertoa tarinansa ja tehdä valituksen asiasta. Taistellaan yhdessä haittaohjelmien tekijöitä vastaan!

 

Tattis, tattis! Hosts:ia ja SB:tä miul ei ookkaan, täytyypä asentaa ne. Avastinkii heitin jo jontkaan, ku ei sillä näköjään mitään tee...

Palajan astialle jos ongelmia ilmaantuu.