Logfile of HijackThis v1.99.1
Scan saved at 18:15:58, on 3.4.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Ohjelmatiedostot\Executive Software\DiskeeperLite\DKService.exe
C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe
C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Ohjelmatiedostot\DAEMON Tools\daemon.exe
C:\Ohjelmatiedostot\MessengerPlus! 3\MsgPlus.exe
C:\windows\mousepad8.exe
C:\Program Files\paytime.exe
C:\WINDOWS\System32\tetriz3.exe
C:\Ohjelmatiedostot\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Ohjelmatiedostot\Valve\Steam\Steam.exe
c:\ohjelm~1\intern~1\iexplore.exe
C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
C:\Ohjelmatiedostot\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Ohjelmatiedostot\Opera\Opera.exe
C:\HJThis(älä koske)\HijackThis.exe
C:\OHJELMATIEDOSTOT\OPERA\OPERA.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Ohjelmatiedostot\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Ohjelmatiedostot\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SLOW INTER PLATFORM FIRST] C:\Documents and Settings\All Users\Application Data\Live 64 slow inter\boldkind.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard8.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad8.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname8.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Ohjelmatiedostot\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [SysTray] C:\Program Files\paytime.exe
O4 - HKLM\..\Run: [tetriz3] C:\WINDOWS\System32\tetriz3.exe
O4 - HKLM\..\RunServices: [tetriz3] C:\WINDOWS\System32\tetriz3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Ohjelmatiedostot\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Settings wipe] C:\DOCUME~1\ERKKIM~1\APPLIC~1\TYPE32~1\Tick Drive.exe
O4 - HKCU\..\Run: [tetriz3] C:\WINDOWS\System32\tetriz3.exe
O4 - Startup: Adobe Gamma.lnk = C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\OHJELM~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133794486146
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://fdl.eu.msn.com/autos/SV/ocx/survid/MSSurVid.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://fdl.eu.msn.com/autos/SV/ocx/exterior/Outside.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\OHJELM~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\lv6q09j5e.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Ohjelmatiedostot\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Ohjelmatiedostot\Yhteiset tiedostot\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

So that's what it looks like. If I, for example, leave the computer on and step away for a moment, the computer opens a web browser and all kinds of ads and other stuff start coming up, so can anyone help? I can't even use the internet much because an insane number of ad pages keep opening.

First I have to say, that's quite a handsome collection of nasties.

Uninstall from the Control Panel:
Messenger Plus! 3
webHancer Survey Companion or webHancer

Download Look2Me-Destroyer.exe (http://www.atribune.org/ccount/click.php?id=7) to your desktop.

IMPORTANT: Before continuing with the fix, you must do the following:
* Print this, or save it as a text file in a suitable location.
* Click Start -> Run and type: services.msc
* Click OK.
* Check that this service is running or that its startup type is Automatic:
  * Secondary Logon
* Next, your computer must be offline; pull the network cable out of the wall if necessary.
* Your antivirus and all other security software MUST be closed.
* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run the program.
* Tick Run this program as a task.
* You will get a message that says "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK.
* When Look2Me-Destroyer re-opens, click the Scan for L2M option. Your desktop shortcuts will disappear for a moment; this is normal.
* When the scan is finished, click the Remove L2M option.
* You will get a Done Scanning message; click OK.
* When finished, you will get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer. Click OK.
* Your computer will shut itself down.
* Restart your computer.
* Post the contents of the C:\Look2Me-Destroyer.txt file along with a new HijackThis log in your post.

If your firewall warns about internet connections for this program, allow them.
If you get runtime error '339', download MSWINSCK.OCX from the following link and place it in your C:\Windows\System32 folder.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Try again.

Download Brute Force Uninstaller from here, http://www.merijn.org/files/bfu.zip, to your desktop.
* Right-click the BFU zip on your desktop and choose Extract All.
* Click "Next"
* In the box where you choose where to extract the files,
* Click "Browse"
* Click the + sign next to My Computer
* Click "Local Disk (C:)" or whatever your main drive is
* Click "Make New Folder"
* Type BFU
* Click "Next", and do NOT tick the "Show extracted files" box, and click "Finish".

http://metallica.geekstogo.com/alcanshorty.bfu
RIGHT-CLICK HERE and choose "Save As" (in Explorer "Save Target As") to download the Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
Do not do anything with it yet!

Get ewido and update it -> http://keskustelu.afterdawn.com/thread_view.cfm/269186
Do not scan with it yet.

Get findlop -> http://metallica.geekstogo.com/findlop.zip
Extract it and double-click findlop.bat
The log can be found at C:\findlop.txt

Boot your computer into Safe Mode by tapping the F8 key during startup.

Click Start > My Computer and navigate to the C:\BFU folder.
* Start Brute Force Uninstaller by double-clicking BFU.exe
* In the Scriptline to execute field, type or paste c:\bfu\alcanshorty.bfu
* Click Execute and let it do its job. (You should see a progress bar if you did this correctly.)
* Wait for the Complete script execution box and click OK.
* Click exit to close Brute Force Uninstaller.

Fix with HJT (do a system scan only, tick these and press fix checked):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Ohjelmatiedostot\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SLOW INTER PLATFORM FIRST] C:\Documents and Settings\All Users\Application Data\Live 64 slow inter\boldkind.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard8.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad8.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname8.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Ohjelmatiedostot\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [SysTray] C:\Program Files\paytime.exe
O4 - HKLM\..\Run: [tetriz3] C:\WINDOWS\System32\tetriz3.exe
O4 - HKLM\..\RunServices: [tetriz3] C:\WINDOWS\System32\tetriz3.exe
O4 - HKCU\..\Run: [Settings wipe] C:\DOCUME~1\ERKKIM~1\APPLIC~1\TYPE32~1\Tick Drive.exe
O4 - HKCU\..\Run: [tetriz3] C:\WINDOWS\System32\tetriz3.exe

Has Avast been removed from the computer? If so, fix these too:

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Then Start -> Run -> services.msc -> OK
Find these in the list:
avast! iAVS4 Control Service
avast! Antivirus
avast! Mail Scanner
avast! Web Scanner
Double-click them, press Stop and set the startup type to Disabled.

Delete if found:
c:\secure32.html
C:\Ohjelmatiedostot\MessengerPlus! 3
C:\Documents and Settings\All Users\Application Data\Live 64 slow inter
C:\windows\keyboard8.exe
C:\windows\mousepad8.exe
C:\windows\newname8.exe
C:\Ohjelmatiedostot\webHancer
C:\Program Files\paytime.exe
C:\WINDOWS\System32\tetriz3.exe
C:\DOCUME~1\ERKKIM~1\APPLIC~1\TYPE32~1

Scan with ewido, let it remove whatever it finds and save the report.

Restart, then post a fresh HijackThis log, the ewido report, and the contents of the c:\findlop.txt and C:\Look2Me-Destroyer.txt files.

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 3.4.2006 21:22:06

Infected! C:\WINDOWS\system32\d2j02c1mgf.dll
Infected! C:\WINDOWS\SYSTEM32\mhexcl35.dll
Infected! C:\WINDOWS\SYSTEM32\swecli.dll
Infected! C:\WINDOWS\SYSTEM32\mwrt.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\d2j02c1mgf.dll
C:\WINDOWS\system32\d2j02c1mgf.dll could not be deleted!
Attempting to delete: C:\WINDOWS\SYSTEM32\mhexcl35.dll
C:\WINDOWS\SYSTEM32\mhexcl35.dll could not be deleted!
Attempting to delete: C:\WINDOWS\SYSTEM32\swecli.dll
C:\WINDOWS\SYSTEM32\swecli.dll could not be deleted!
Attempting to delete: C:\WINDOWS\SYSTEM32\mwrt.dll
C:\WINDOWS\SYSTEM32\mwrt.dll could not be deleted!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0B8F5AB4-12CE-4E5C-9F87-5FBA136F5495}"
HKCR\Clsid\{0B8F5AB4-12CE-4E5C-9F87-5FBA136F5495}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4142FD8F-1B71-4482-B3BB-91DA8B316BDB}"
HKCR\Clsid\{4142FD8F-1B71-4482-B3BB-91DA8B316BDB}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3D7ABC70-6082-4774-8036-BDF0D4711501}"
HKCR\Clsid\{3D7ABC70-6082-4774-8036-BDF0D4711501}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2A752941-C704-4EB5-A66D-78C2F19F1B67}"
HKCR\Clsid\{2A752941-C704-4EB5-A66D-78C2F19F1B67}

Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Järjestelmänvalvojat - Succeeded

Logfile of HijackThis v1.99.1
Scan saved at 21:28:53, on 3.4.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe
C:\Ohjelmatiedostot\Executive Software\DiskeeperLite\DKService.exe
C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Ohjelmatiedostot\DAEMON Tools\daemon.exe
C:\windows\mousepad8.exe
C:\Program Files\paytime.exe
C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\tetriz3.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Ohjelmatiedostot\Valve\Steam\Steam.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Ohjelmatiedostot\Opera\Opera.exe
C:\HJThis(älä koske)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Ohjelmatiedostot\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard8.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad8.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname8.exe
O4 - HKLM\..\Run: [SysTray] C:\Program Files\paytime.exe
O4 - HKLM\..\Run: [tetriz3] C:\WINDOWS\System32\tetriz3.exe
O4 - HKLM\..\RunServices: [tetriz3] C:\WINDOWS\System32\tetriz3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Ohjelmatiedostot\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [tetriz3] C:\WINDOWS\System32\tetriz3.exe
O4 - Startup: Adobe Gamma.lnk = C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\OHJELM~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133794486146
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://fdl.eu.msn.com/autos/SV/ocx/survid/MSSurVid.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://fdl.eu.msn.com/autos/SV/ocx/exterior/Outside.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\OHJELM~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Ohjelmatiedostot\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Ohjelmatiedostot\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Ohjelmatiedostot\Yhteiset tiedostot\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Ohjelmatiedostot\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

So far only the first part has been done, following the Look2Me instructions.

Yeah, that didn't work.

Get l2mfix from here -> http://www.atribune.org/downloads/l2mfix.exe and save it to the desktop. Double-click it and click install. Open the l2mfix folder on the desktop, double-click l2mfix.bat and choose #1 by pressing 1 and Enter (do NOT do anything else yet!!). Copy the log and post it here.

Logfile of HijackThis v1.99.1 Scan saved at 15:46:20, on 4.4.2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Ohjelmatiedostot\DAEMON Tools\daemon.exe C:\WINDOWS\System32\ctfmon.exe C:\Ohjelmatiedostot\Valve\Steam\Steam.exe C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe C:\Ohjelmatiedostot\Executive Software\DiskeeperLite\DKService.exe C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe C:\Ohjelmatiedostot\iPod\bin\iPodService.exe C:\Ohjelmatiedostot\Skype\Phone\Skype.exe C:\Ohjelmatiedostot\Opera\Opera.exe C:\OHJELMATIEDOSTOT\WINAMP\WINAMP.EXE C:\HJThis(älä koske)\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Ohjelmatiedostot\iTunes\iTunesHelper.exe" O4 - 
HKLM\..\Run: [AVG7_CC] C:\OHJELM~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DAEMON Tools] "C:\Ohjelmatiedostot\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Steam] C:\Ohjelmatiedostot\Valve\Steam\Steam.exe -silent O4 - Startup: Adobe Gamma.lnk = C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\OHJELMATIEDOSTOT\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\OHJELM~1\MICROS~1\OFFICE10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Ohjelmatiedostot\Java\jre1.5.0_05\bin\npjpi150_05.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133794486146 O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://fdl.eu.msn.com/autos/SV/ocx/survid/MSSurVid.cab O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://fdl.eu.msn.com/autos/SV/ocx/exterior/Outside.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\OHJELM~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\OHJELM~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Ohjelmatiedostot\Executive Software\DiskeeperLite\DKService.exe O23 - Service: ewido security suite control - ewido networks - C:\Ohjelmatiedostot\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Ohjelmatiedostot\Yhteiset tiedostot\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Ohjelmatiedostot\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 7:54:17, 4.4.2006 + Report-Checksum: 9F62C8B9 + Scan result: HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup C:\WINDOWS\SYSTEM32\tetriz3.exe -> Proxy.Small.bo : Cleaned with backup C:\WINDOWS\SYSTEM32\d2j02c1mgf.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\SYSTEM32\enjul1191.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\SYSTEM32\FK20ENU.DLL -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\DH.dll -> Hijacker.Small.jf : Cleaned with backup C:\WINDOWS\newname7.exe -> Downloader.Adload.ae : Cleaned with backup C:\WINDOWS\keyboard7.exe -> Downloader.VB.zg : Cleaned with backup C:\WINDOWS\mousepad7.exe -> Downloader.VB.zw : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UERSJ_0001_N68M0902NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSJ_0001_N68M0902NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSJ_0001_N68M0902NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSJ_0001_N68M0902NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSJ_0001_N68M0902NetInstaller.exe -> 
Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSJ_0001_N68M0902NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UERSJ_0001_N68M0902NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UERSJ_0001_N68M0902NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UERSJ_0001_N68M0902NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\V9T818G5\WHCC2[1].exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\V9T818G5\MTE3NDI6ODoxNg[2].exe -> Downloader.Small.buy : Cleaned with backup C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\A8C4HRJZ\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\A8C4HRJZ\Installer[1].exe -> Adware.Look2Me : Cleaned with backup C:\Ohjelmatiedostot\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup C:\Ohjelmatiedostot\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup C:\Installer.exe -> Adware.Look2Me : Cleaned with backup C:\Program Files\paytime.exe -> Hijacker.StartPage.adi : Cleaned with backup C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup C:\toolbar.exe -> Downloader.Adload.ai : Cleaned with backup C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup C:\tool3.exe -> Proxy.Small.bo : Cleaned with backup C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup C:\Documents and Settings\Erkki Manninen\Local Settings\Temp\temp.fr4988 -> Adware.WebHancer : Cleaned with backup C:\Documents and Settings\Erkki Manninen\Local 
Settings\Temp\temp.frCAED -> Adware.WebHancer : Cleaned with backup C:\Documents and Settings\Erkki Manninen\Local Settings\Temporary Internet Files\Content.IE5\0V8XYNCV\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup C:\Documents and Settings\Erkki Manninen\Local Settings\Temporary Internet Files\Content.IE5\0V8XYNCV\AppWrap[2].exe -> Adware.AdURL : Cleaned with backup C:\Documents and Settings\Erkki Manninen\Local Settings\Application Data\Mozilla\Firefox\Profiles\crq9xlui.default\Cache\71AA8828d01 -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP169\A0066629.dll -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP169\A0066735.exe -> Downloader.Small.ckj : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP169\A0066746.exe -> Downloader.Adload.ai : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP171\A0067065.dll -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP171\A0067093.EXE -> Adware.AdURL : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP171\A0067297.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP171\A0067306.exe -> Downloader.VB.zg : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP171\A0067309.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP171\A0067333.exe -> Adware.AdURL : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP172\A0067390.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume 
Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP172\A0067401.dll -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP172\A0067402.exe -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP172\A0067403.DLL -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP172\A0067412.exe -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP172\A0067413.dll -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP172\A0067414.DLL -> Adware.WebHancer : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP172\A0067416.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP172\A0067423.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP172\A0067425.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP172\A0067426.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{61778DFE-D43D-4868-BB8E-5FB583E20214}\RP172\A0067427.dll -> Adware.Look2Me : Cleaned with backup ::Report End
Yeah, I ran some more scans in the evening, so look at these first.
The HJT log and the ewido report are OK. The L2M files still have to be removed, so do this: Download l2mfix from here -> http://www.atribune.org/downloads/l2mfix.exe and save it to the desktop. Double-click it and click Install. Open the l2mfix folder on the desktop, double-click l2mfix.bat and choose option #1 by pressing 1 and Enter (do NOT do anything else yet!!). Copy the log and post it here. And post the contents of the c:\findlop.txt file as well.
L2MFIX find log 032106 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 
"Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] 
********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ wxmmin.dll Sat 11 Mar 2006 21.31.40 A..H. 9 0,01 K cmdlin~1.dll Mon 16 Jan 2006 15.23.42 A.... 98 304 96,00 K 2 items found: 2 files (1 H/S), 0 directories. Total of file sizes: 98 313 bytes 96,01 K Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Asemalla C ei ole nimeä.
Aseman sarjanumero on 3671-12EB Kansio C:\WINDOWS\System32 04.12.2005 13:09 <KANSIO> Microsoft 04.12.2005 12:42 <KANSIO> dllcache 0 tiedosto(a) 0 tavua 2 kansio(ta) 15 028 584 448 tavua vapaana [TRACE] Enumerating jobs and queues [TRACE] Activating job 'Säätötoiminnon aloitus.job' [TRACE] Printing all job properties ApplicationName: 'walign' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'mleo' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 12/03/2005 23:00:00 NextRun: 04/05/2006 9:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 1 KillIfGoingOnBatteries = 1 RunOnlyIfLoggedOn = 0 SystemRequired = 0 Hidden = 0 TaskFlags: 0 8 Triggers Trigger 0: Type: MonthlyDOW Week: 1 DaysOfTheWeek: ...W... Months: JanFebMarAprMayJunJulAugSepOctNovDec StartDate: 11/22/1997 EndDate: 00/00/0000 StartTime: 09:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 Trigger 1: Type: MonthlyDOW Week: 1 DaysOfTheWeek: ...W... Months: JanFebMarAprMayJunJulAugSepOctNovDec StartDate: 11/22/1997 EndDate: 00/00/0000 StartTime: 14:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 Trigger 2: Type: MonthlyDOW Week: 1 DaysOfTheWeek: ...W... Months: JanFebMarAprMayJunJulAugSepOctNovDec StartDate: 11/22/1997 EndDate: 00/00/0000 StartTime: 19:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 Trigger 3: Type: MonthlyDOW Week: 1 DaysOfTheWeek: ...W...
Months: JanFebMarAprMayJunJulAugSepOctNovDec StartDate: 11/22/1997 EndDate: 00/00/0000 StartTime: 23:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 Trigger 4: Type: MonthlyDOW Week: 1 DaysOfTheWeek: ......A Months: JanFebMarAprMayJunJulAugSepOctNovDec StartDate: 11/22/1997 EndDate: 00/00/0000 StartTime: 09:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 Trigger 5: Type: MonthlyDOW Week: 1 DaysOfTheWeek: ......A Months: JanFebMarAprMayJunJulAugSepOctNovDec StartDate: 11/22/1997 EndDate: 00/00/0000 StartTime: 14:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 Trigger 6: Type: MonthlyDOW Week: 1 DaysOfTheWeek: ......A Months: JanFebMarAprMayJunJulAugSepOctNovDec StartDate: 11/22/1997 EndDate: 00/00/0000 StartTime: 19:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 Trigger 7: Type: MonthlyDOW Week: 1 DaysOfTheWeek: ......A Months: JanFebMarAprMayJunJulAugSepOctNovDec StartDate: 11/22/1997 EndDate: 00/00/0000 StartTime: 23:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Symantec NetDetect.job' [TRACE] Printing all job properties ApplicationName: 'C:\OHJELMATIEDOSTOT\SYMANTEC\LIVEUPDATE\NDETECT.EXE' Parameters: '' WorkingDirectory: 'C:\OHJELMATIEDOSTOT\SYMANTEC\LIVEUPDATE' Comment: 'Symantec NetDetect' Creator: 'Erkki Manninen' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 12/04/2005 12:28:51 NextRun: 04/03/2006 21:41:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0x65 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 2 Triggers Trigger 0: 
Type: Daily DaysInterval: 1 StartDate: 12/04/2005 EndDate: 00/00/0000 StartTime: 14:51 MinutesDuration: 1440 MinutesInterval: 5 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 Trigger 1: Type: AtLogon StartDate: 01/14/2003 EndDate: 00/00/0000 StartTime: 12:57 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0
You're welcome. Here are instructions for installing Messenger Plus without the sponsor program -> http://keskustelu.afterdawn.com/thread_view.cfm/280957