HJT-logi +Your privacy is in danger!

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by WelluKeto, Aug 21, 2007.

  1. WelluKeto

    WelluKeto Guest

    Moro.

    Kun avaan netin auvautuu http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

    Taustakuvaksi on muuttunut: YOUR PRIVACY IS IN DANGER!
    Download privacy protection software now

    Netti availee itsestään ,alapalkissa vilkkuu valkoinen rasti punaisella pojalla (ympyrä).

    HJT-Logi :
    Logfile of HijackThis v1.99.1
    Scan saved at 14:09:45, on 21.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\HP_Omistaja\Työpöytä\pelisivut\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\HP_Omistaja\Työpöytä\Uusi kansio\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://81.201.104.136/bscwrap.php?m...ontext=404&plug_id=134_00_00_0_0_0&q=/?url=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: WhgHelper Class - {00000000-0000-11D1-ABED-709549C10000} - C:\Program Files\WHG\Instant Help Application Update 1.2\IEHelper.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {662CCBBF-3948-1CCA-3E03-0ADE21753F69} - C:\DOCUME~1\HP_OMI~1\APPLIC~1\STOREI~1\meta creative.exe (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Bat Wave Base Dale] C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\Bits Setup.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MoveOption] C:\DOCUME~1\HP_OMI~1\APPLIC~1\HOLETR~1\Objonceref.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program Files\expektMPP\MPPoker.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: blippers - {f2efa195-4785-4db1-9316-b48c64bb71da} - (no file)
    O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
    O21 - SSODL: printers - {3D44A3F4-0E98-4780-B9D3-7F8EF944174E} - libmsns.dll (file missing)
    O21 - SSODL: wmpenv - {A184F763-1024-4732-8979-C898056EA38A} - C:\WINDOWS\wmpenv.dll
    O21 - SSODL: wmpconf - {77056F2B-C029-4A09-8DD6-BBF0C8BA77E7} - C:\WINDOWS\wmpconf.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     
    WelluKeto, Aug 21, 2007
    #1
  2. WelluKeto

    WelluKeto Guest

    Voisko joku ystävällisetä avittaa minua tämän kanssa,olen itse näissä hommissa aika keltanokka. Ei nämä perinteiset puhdistusohjelmat tähän tehoa.Kiitos.
     
    WelluKeto, Aug 21, 2007
    #2
  3. Hujo

    Hujo Guest

    1. Lataa tästä poistotyökalu ja tallenna se työpöydällesi http://sosvirus.changelog.fr/MSNFix.zip
    2. Pura se MSNFix kansioon
    3. Avaa kansio ja käynnistä MSNFix.bat
    4. Valitse haluamasi kieli ikkunassa näkyvästä listasta kirjoittamalla joku niistä kirjaimista ja paina ENTER. E = englanti
    5. Kirjoita seuraavaksi R kirjain ja paina ENTER käynnistääksesi virushaun.
    6. Sen jälkeen paina uusiksi ENTER poistaaksesi työkalun löytämät tiedostot.

    ===================

    scannaa hjt:llä merkkaa paina Fix checked

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: WhgHelper Class - {00000000-0000-11D1-ABED-709549C10000} - C:\Program Files\WHG\Instant Help Application Update 1.2\IEHelper.dll
    O21 - SSODL: blippers - {f2efa195-4785-4db1-9316-b48c64bb71da} - (no file)
    O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
    O21 - SSODL: printers - {3D44A3F4-0E98-4780-B9D3-7F8EF944174E} - libmsns.dll (file missing)

    =======================

    Poista lisää poista sovelutuksesta

    SWEETIE

    Poista vikasiedosssa kansio
    C:\Program Files\Macrogaming

    ========================

    Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

    Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
    Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
    Postita tämän tekstitiedoston sisältö viestiketjuusi.

    Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.


    ========================

    Escan
    Ohjeet tuolla sivulla.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    lataa tuosta
    http://www.spywareinfo.dk/download/mwav.exe
    päivitä tuosta
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    laita täpit merkkauksien mukaan
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scannaa

    jos ala luukkuun tulee jotain niin kopioi se näin:
    Käytä komentoa Ctrl+A.
    Kopioi rivit komennolla Ctrl+C.
    Liitä rivit komennolla Ctrl+V.

    Laita virus log tänne.

    ====================

    Lataa tuolta http://www.ccleaner.com/download/builds.aspx
    CCleaner v1.41.544 - Basic, ÄLÄ aseenna Yahoo toolbaria!

    laita asetukset näin:
    Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot.

    aja Puhdistaja > tutki nappi > aja ccleaner nappi oikea alakulma
    aja Virheet > etsi rekisteri virheitä nappi > Korjaa rekisteri virheet. nappi
     
    Last edited by a moderator: Aug 21, 2007
    Hujo, Aug 21, 2007
    #3
  4. WelluKeto

    WelluKeto Guest

    Taitaa olla hermoja raastava prosessi tämä,mutta ISO kiitos sinulle ,että autat pääsemään tästä eroon.
    Olen pahoillani ,että tämä kesti näin kauan ,jouduin tekemään kaiken 2 kertaa sähkökatkoksen vuoksi.

    Tässä pyytämiäsi tietoja:
    Logfile of HijackThis v1.99.1
    Scan saved at 18:02:53, on 22.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\TrojanHunter 4.7\THGuard.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\HP_Omistaja\Työpöytä\pelisivut\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\CCleaner\ccleaner.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\HP_Omistaja\Työpöytä\Uusi kansio\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://81.201.104.136/bscwrap.php?m...ontext=404&plug_id=134_00_00_0_0_0&q=/?url=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program Files\expektMPP\MPPoker.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: wmpenv - {45055232-805C-40F4-8D14-151094BC5AF3} - C:\WINDOWS\wmpenv.dll
    O21 - SSODL: wmpconf - {CBB227E0-EBDF-495B-8DE0-550B7EBEF5AA} - C:\WINDOWS\wmpconf.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


    SmitFraudFix v2.214

    Scan done at 11:23:51,31, ke 22.08.2007
    Run from C:\Documents and Settings\HP_Omistaja\Ty”p”yt„\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\TrojanHunter 4.7\THGuard.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\HP_Omistaja\Työpöytä\pelisivut\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\duocore.dll FOUND !
    C:\WINDOWS\privacy_danger FOUND !
    C:\WINDOWS\wmpconf.dll FOUND !
    C:\WINDOWS\wmpenv.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Omistaja


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Omistaja\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_OMI~1\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    C:\DOCUME~1\HP_OMI~1\TYPYT~1\Error Cleaner.url FOUND !
    C:\DOCUME~1\HP_OMI~1\TYPYT~1\Privacy Protector.url FOUND !
    C:\DOCUME~1\HP_OMI~1\TYPYT~1\Spyware?Malware Protection.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\AntiVerminser\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="http://69.93.50.122/desktopgirls/thumbs/Tess_Mattisson_8150192730AM274.jpg"
    "SubscribedURL"="about:home"
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
    "SubscribedURL"=""
    "FriendlyName"="Privacy Protection"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{f2efa195-4785-4db1-9316-b48c64bb71da}"="blippers"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: SiS 900-Based PCI Fast Ethernet Adapter
    DNS Server Search Order: 193.229.0.40
    DNS Server Search Order: 193.229.0.42

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7BD43EDB-F05C-488C-A88C-C78F01E00F4D}: DhcpNameServer=193.229.0.40 193.229.0.42
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7BD43EDB-F05C-488C-A88C-C78F01E00F4D}: DhcpNameServer=193.229.0.40 193.229.0.42
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{7BD43EDB-F05C-488C-A88C-C78F01E00F4D}: DhcpNameServer=193.229.0.40 193.229.0.42
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    File C:\WINDOWS\wmpenv.dll infected by "Trojan-Downloader.Win32.Zlob.cag" Virus. Action Taken: File to be deleted on reboot.
    File C:\WINDOWS\duocore.dll tagged as not-a-virus:AdWare.Win32.Agent.bn. No Action Taken.
    File C:\WINDOWS\duocore.dll tagged as not-a-virus:AdWare.Win32.Agent.bn. No Action Taken.
    File C:\WINDOWS\wmpconf.dll infected by "Trojan-Downloader.Win32.Zlob.cag" Virus. Action Taken: File to be deleted on reboot.
    File C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\Bits Setup.exe infected by "Trojan.Win32.Obfuscated.en" Virus. Action Taken: File to be deleted on reboot.
    File C:\Documents and Settings\All Users\Application Data\Soap online mags rule\Deaf Seek.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Soap online mags rule\onepeak.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Soap online mags rule\Support 32.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
    File C:\Documents and Settings\HP_Omistaja\Application Data\Hole Tray Comp\aklmjxsk.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
    File C:\Documents and Settings\HP_Omistaja\Application Data\Hole Tray Comp\nysrxamn.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
    File C:\Documents and Settings\HP_Omistaja\Application Data\Hole Tray Comp\xwjezqsd.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
    File C:\Documents and Settings\HP_Omistaja\Työpöytä\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\Documents and Settings\HP_Omistaja\Työpöytä\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\hp\bin\KillWind.exe tagged as not-a-virus:RiskTool.Win32.PsKill.p. No Action Taken.
    File C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP548\A0523825.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
    File C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP548\A0523827.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
    File C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP548\A0523828.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
    File C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP563\A0552169.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
    File C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP563\A0552171.exe tagged as not-a-virus:FraudTool.Win32.UltimateDefender.c. No Action Taken.
    File C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP563\A0552172.exe tagged as not-a-virus:AdWare.Win32.Lop.ai. No Action Taken.
    File C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP563\A0552174.dll tagged as not-a-virus:FraudTool.Win32.WorldSecurityOnline.c. No Action Taken.
    File C:\System Volume Information\_restore{04486428-9B71-4484-9673-4493EB5E2F46}\RP565\A0554248.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\WINDOWS\duocore.dll tagged as not-a-virus:AdWare.Win32.Agent.bn. No Action Taken.

    Edelleen taustakuva on sama minkä alussa kerroin,system alert vilkkuu vähän väliä ja windows security alert myös.Jään odottelemaan lisäohjeita.Kiitos.

     
    WelluKeto, Aug 22, 2007
    #4
  5. Hujo

    Hujo Guest

    eiköhän kohta helpota :)

    Printtaa ohjeet ulos.

    Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

    Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
    Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

    Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

    Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

    Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
    Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
    Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.

    Varoitus : Ajamalla optio 2:n EI-tarttuneessa tietokoneessa, poistaa sinun työpöytäsi taustakuvan.

    ======================

    scannaa hjt:llä merkkaa paina Fix checked

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    ==========================

    Tuota oot varmaankin käyttänyt AVG Anti-Spyware 7.5 päivitä ja aja se vikasiedossa

    =======================

    Lataa NoLop työpöydällesi yhdestä seuraavista linkeistä...
    Linkki1
    Linkki2
    Linkki3

    1.Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen
    2.Tuplaklikkaa NoLop.exe ajaaksesi sen
    3.Klikkaa nappulaa "Search and Destroy"
    <<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
    4, Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy. Klikkaa OK
    5. Klikkaa "REBOOT"-painiketta.
    6. NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu. Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.
    -- Jos saat seuraavan virheen, "mscomctl.ocx or one of its dependencies are not correctly registered," lataa mscomctl.ocx ja tallenna se system32-hakemistoosi (yleensä c:\Windows\system32). Tämän jälkeen aja ohjelma uudestaan.
     
    Last edited by a moderator: Aug 22, 2007
    Hujo, Aug 22, 2007
    #5
  6. WelluKeto

    WelluKeto Guest

    Moi.
    Tässä on vaan osa pyytämistäsi tiedoista.
    Kaikkea en löytänyt ,mutta kone alkaa varmaan olemaan jo kunnossa.
    Logfile of HijackThis v1.99.1
    Scan saved at 11:11:11, on 23.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\TrojanHunter 4.7\THGuard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\HP_Omistaja\Työpöytä\pelisivut\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\HP_Omistaja\Työpöytä\Uusi kansio\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MoveOption] C:\DOCUME~1\HP_OMI~1\APPLIC~1\HOLETR~1\Objonceref.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program Files\expektMPP\MPPoker.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Program Files\nordicbetMPP\MPPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


    Smitfraufix ja Nonlop tiedostoja ei ole koska ei löydy,mutta kaikki olen tehnyt mitä olet ohjeisiin laittanut,ja kone toimii todella hyvin tällä hetkellä.Tuntuu mahtavalta kun taas toimii muutaman päivän hermoilun jälkeen ,onneksi on ammattilaisia otka auttaa.Suuri kiitos sinulle näistä neuvoista.Laita ihmeessä jos jotakin vielä pitää tehdä .KIITOS!
     
    WelluKeto, Aug 23, 2007
    #6
  7. Hujo

    Hujo Guest

    1. Klikkaa käynnistä > Oma tietokone oikean puoleisella hiiren napilla
    2. Valitse ominaisuudet
    3. Valitse järjestelmän palauttaminen välilehti
    4. Ruksi eteen ¤ poista järjestelmän palauttaminen kaikissa asemissa
    5. Paina Käytä
    6. Paina ok
    7. Sammuta ja käynnistä
    8. Ota ruksi pois ¤ poista järjestelmän palauttaminen kaikissa asemissa
    9. Käytä ja OK
     
    Hujo, Aug 23, 2007
    #7
  8. Lehtis

    Lehtis Member

    Joined:
    May 29, 2007
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    11
    Joo, eli olis samanlaista ongelmaa, Hijackthis logit:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:28:04, on 10.10.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\UMonit.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Power Manager\PM.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\WINDOWS\system32\LckFldService.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\F-Secure\FSPC\fspc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure\FSAUA\program\licmgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\ssflwbox.scr
    C:\Documents and Settings\Admin\Työpöytä\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrvqw.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrvqt.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: The netadv - {ABF529BE-6245-465A-BBD4-238C4EAB0F0A} - C:\WINDOWS\netadv.dll
    O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [castpinglicenseerror] C:\Documents and Settings\All Users\Application Data\draw four cast ping\warninternet.exe
    O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\btorrent16.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
    O4 - HKCU\..\Run: [HECKCASH] C:\DOCUME~1\Admin\APPLIC~1\GPLMFC~1\typeproc.exe
    O4 - HKCU\..\Run: [ProBNC] "C:\Program Files\Arkku IP Updater\sysupdate.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Admin\Työpöytä\Waret\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [vpnvow] C:\DOCUME~1\Admin\LOCALS~1\Temp\vpnvow.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: bw+0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw+0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw-0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw-0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw00 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw00s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw10 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw10s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw20 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw20s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw30 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw30s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw40 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw40s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw50 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw50s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw60 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw60s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw70 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw70s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw80 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw80s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw90 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bw90s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwa0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwa0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwb0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwb0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwc0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwc0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwd0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwd0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwe0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwe0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwf0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwf0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O18 - Protocol: bwg0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwg0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwh0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwh0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwi0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwi0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwj0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwj0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwk0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwk0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwl0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwl0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwm0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwm0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwn0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwn0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwo0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwo0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwp0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwp0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwq0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwq0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwr0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwr0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bws0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bws0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwt0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwt0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwu0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwu0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwv0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwv0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bww0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bww0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwx0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwx0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwy0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwy0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwz0 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: bwz0s - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O18 - Protocol: offline-8876480 - {CAFC67C7-6C2B-482E-A6AD-C43DC466B0D3} - (no file)
    O21 - SSODL: msvb - {1FEF7F2D-C52C-4EA9-B6E2-9FCF438547DF} - C:\WINDOWS\msvb.dll
    O21 - SSODL: sysdx - {C0F93EBD-9F78-4339-8CE1-8447AC5F74D5} - C:\WINDOWS\sysdx.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SNMP-palvelu (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 20998 bytes
     
    Lehtis, Oct 10, 2007
    #8
  9. Hujo

    Hujo Guest

    Lehtis

    aloita oma ketju lokilles
     
    Hujo, Oct 10, 2007
    #9

Share This Page