My HJT log, could you help me? Thanks in advance!

Discussion in 'Viruses and malware' started by peuhis, May 24, 2006.

  1. peuhis

    peuhis, Member (Joined: May 24, 2006; Messages: 22; Likes Received: 0; Trophy Points: 11)

    Trojans keep attacking all the time and a few extra shortcuts have appeared on the desktop....
    I seriously need help, I'm completely hopeless with these computers :(

    Logfile of HijackThis v1.99.1
    Scan saved at 22:33:58, on 24.5.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon06.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Simo Lahtinen\Omat tiedostot\Ladatut tiedostot\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/yme/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123426731484
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O18 - Protocol: bw+0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {775A5736-1402-416D-8D5D-16C3C73A287F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
     
  2. Jurppis

    Jurppis, Regular member (Joined: Feb 22, 2006; Messages: 659; Likes Received: 0; Trophy Points: 26)

  3. peuhis

    I did as you advised, but ewido didn't find anything at all...
    The report was completely empty....
    Is there anything else that can be done?
     
  4. Jurppis

    Let's check with this as well,

    Download WinPFind to your desktop.
    http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip

    Extract the contents of the file WinPFind.zip (the WinPFind folder) to the root of the C: drive.

    Then go to the folder C:\WinPFind and double-click the file WinPFind.exe; the program will start.

    Press the Start Scan button and wait until the scan is finished. The program scans a very large number of files, looking for matches with files typical of malware, so be patient and let the program scan. The scan may take even more than 30 minutes.

    When the scan is finished, the program shows the scan result. Press the Copy to Clipboard button; the result is copied to the clipboard. Then open Notepad and paste the result into it, and save the document on the desktop with the name WinPFind-loki. Then paste the contents of this document into your thread.

    Note! Not all of the listed items are necessarily malware.
     
  5. peuhis

    OK, I don't know if I did this quite right....
    But this is what came out of it...
    Hopefully it will be of help with this :)
    I really am embarrassingly bad with these computers....
    Thanks for your patience :)

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...
    UPX! 6.5.2006 19:00:58 27262976 C:\VIRTPART.DAT

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    UPX! 27.4.2006 20:50:00 597504 C:\WINDOWS\SYSTEM32\aswBoot.exe
    UPX! 14.1.2003 17:07:34 236032 C:\WINDOWS\SYSTEM32\devil.dll
    PEC2 9.10.2001 15:00:00 41113 C:\WINDOWS\SYSTEM32\dfrg.msc
    PTech 29.8.2005 13:27:12 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
    PECompact2 4.5.2006 7:26:22 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 4.5.2006 7:26:22 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 14.9.2004 16:11:38 701952 C:\WINDOWS\SYSTEM32\ntdll.dll
    Umonitor 14.9.2004 16:11:56 661504 C:\WINDOWS\SYSTEM32\rasdlg.dll
    winsync 9.10.2001 15:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

    Checking %System%\Drivers folder and sub-folders...
    PTech 3.8.2004 22:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    25.5.2006 15:22:52 S 2048 C:\WINDOWS\bootstat.dat
    14.4.2006 21:02:48 HS 7680 C:\WINDOWS\Thumbs.db
    30.3.2006 13:03:38 S 22339 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
    10.4.2006 7:43:08 S 63649 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem24.CAT
    20.4.2006 17:20:46 S 7645 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem25.CAT
    10.4.2006 7:43:08 S 63649 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem26.CAT
    10.4.2006 7:43:08 S 63649 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem27.CAT
    10.4.2006 7:43:08 S 63649 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem28.CAT
    25.5.2006 15:30:16 H 1024 C:\WINDOWS\system32\config\default.LOG
    25.5.2006 15:23:02 H 1024 C:\WINDOWS\system32\config\SAM.LOG
    25.5.2006 15:23:50 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
    25.5.2006 15:41:28 H 1024 C:\WINDOWS\system32\config\software.LOG
    25.5.2006 15:34:36 H 1024 C:\WINDOWS\system32\config\system.LOG
    12.5.2006 5:56:46 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    12.5.2006 20:41:22 S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8
    13.5.2006 12:19:04 S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
    12.5.2006 20:41:22 S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165
    12.5.2006 20:41:22 S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5
    24.5.2006 16:21:36 S 70226 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
    12.5.2006 20:41:22 S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8
    13.5.2006 12:19:04 S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
    12.5.2006 20:41:22 S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165
    12.5.2006 20:41:22 S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5
    24.5.2006 16:21:36 S 128 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
    25.4.2006 21:29:06 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\96c33482-2e03-4deb-a04f-bbe27df020b0
    25.4.2006 21:29:06 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
    15.5.2006 16:59:38 H 10840 C:\WINDOWS\system32\spool\drivers\w32x86\3\EPIUIE6A.GID
    25.5.2006 15:22:54 H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files...
    Microsoft Corporation 14.9.2004 16:12:08 70144 C:\WINDOWS\SYSTEM32\access.cpl
    Microsoft Corporation 14.9.2004 16:12:08 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Microsoft Corporation 14.9.2004 16:12:10 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    Logitech Inc. 18.1.2005 17:36:14 282624 C:\WINDOWS\SYSTEM32\camcpl.cpl
    Microsoft Corporation 14.9.2004 16:12:10 135168 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 14.9.2004 16:12:10 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 14.9.2004 16:12:10 154624 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 14.9.2004 16:12:10 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 14.9.2004 16:12:10 129536 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 14.9.2004 16:12:10 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
    Microsoft Corporation 14.9.2004 16:12:10 68608 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 10.11.2005 14:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 9.10.2001 15:00:00 188416 C:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 14.9.2004 16:12:10 620032 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 9.10.2001 15:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 14.9.2004 16:12:10 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 14.9.2004 16:12:10 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    Microsoft Corporation 9.10.2001 15:00:00 37376 C:\WINDOWS\SYSTEM32\nwc.cpl
    Microsoft Corporation 14.9.2004 16:12:10 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 14.9.2004 16:12:10 115200 C:\WINDOWS\SYSTEM32\powercfg.cpl
    4.5.2000 23:57:38 303104 C:\WINDOWS\SYSTEM32\scmgrcpl50.cpl
    NVIDIA Corporation 17.6.2003 12:17:38 R 73728 C:\WINDOWS\SYSTEM32\sscpl.cpl
    Microsoft Corporation 14.9.2004 16:12:10 299008 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 9.10.2001 15:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 14.9.2004 16:12:10 93696 C:\WINDOWS\SYSTEM32\timedate.cpl
    Microsoft Corporation 14.9.2004 16:12:10 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    Microsoft Corporation 26.5.2005 4:16:30 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 9.10.2001 15:00:00 188416 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 9.10.2001 15:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 9.10.2001 15:00:00 37376 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
    Microsoft Corporation 9.10.2001 15:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 26.5.2005 4:16:30 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    15.3.2006 16:45:44 1761 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
    29.4.2005 21:38:32 HS 84 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini
    7.8.2005 20:26:50 897 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\EPSON Status Monitor 3 Environment Check 2.lnk
    30.4.2005 11:48:14 1812 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
    30.4.2005 11:48:44 802 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Image Zone -pikakäynnistys.lnk
    13.8.2005 20:58:38 1889 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Logitech Desktop Messenger.lnk
    30.4.2005 0:08:02 1737 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Microsoft Office.lnk
    15.4.2006 16:47:54 1501 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\RAMASST.lnk
    30.4.2005 0:33:28 1522 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\WinZip Quick Pick.lnk

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    29.4.2005 22:25:24 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
    30.4.2005 11:56:10 764 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    25.3.2006 22:17:48 3143 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    Checking files in %USERPROFILE%\Startup folder...
    29.4.2005 21:38:32 HS 84 C:\Documents and Settings\Simo Lahtinen\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini

    Checking files in %USERPROFILE%\Application Data folder...

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    SV1 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
    {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
    {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
    {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Käynnistä-valikon nasta = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
    {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
    {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
    {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
    Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Päivän vihje = %SystemRoot%\System32\shdocvw.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
    =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
    Etsintäpalkki = %SystemRoot%\System32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    =
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    Favorites Band = %SystemRoot%\System32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    History Band = %SystemRoot%\System32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Lähiosoite : %SystemRoot%\System32\browseui.dll
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
    {74CC49F7-EB32-4A08-B204-948962A6E3DB} = :
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Lähiosoite : %SystemRoot%\System32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Linkit : %SystemRoot%\system32\SHELL32.dll
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
    {74CC49F7-EB32-4A08-B204-948962A6E3DB} = :

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    B'sCLiP C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
    HPHUPD06 C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    HPHmon06 C:\WINDOWS\System32\hphmon06.exe
    zBrowser Launcher C:\Program Files\Logitech\iTouch\iTouch.exe
    EM_EXEC C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    LVCOMSX C:\WINDOWS\system32\LVCOMSX.EXE
    LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
    LogitechVideoTray C:\Program Files\Logitech\Video\LogiTray.exe
    TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    WinPatrol C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
    QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
    NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
    LDM C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    LogitechSoftwareUpdate "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    NBJ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
    wininet.dll regperf.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 145


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
    = Ati2evxx.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 25.5.2006 15:43:36
     
  6. Jurppis

    Jurppis Regular member

    Joined:
    Feb 22, 2006
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    26
    Well, at least there seem to be remnants of SmitFraud:

    Download SmitfraudFix (c) S!Ri
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract the contents (a folder named SmitfraudFix) to your desktop:

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open listing the infected files (if any).
    Post the contents of this text file to your thread.
     
  7. peuhis

    peuhis Member

    Joined:
    May 24, 2006
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    This is what turned up this time...

    SmitFraudFix v2.47

    Scan done at 17:07:29,57, to 25.05.2006
    Run from C:\Documents and Settings\Simo Lahtinen\Ty”p”yt„\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600]
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Simo Lahtinen\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SIMOLA~1\Suosikit

    C:\DOCUME~1\SIMOLA~1\Suosikit\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  8. Jurppis

    Jurppis Regular member

    Joined:
    Feb 22, 2006
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    26
    Start your computer in Safe Mode by tapping F8 during startup
    http://www.pchell.com/support/safemode.shtml

    There you can first delete all the extra icons from your desktop that you mentioned in your first post, and after that
    open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.

    The tool will check whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

    The tool may need to restart the computer; if it does not, restart into normal Windows.
    A text file will appear after the cleaning process; copy & paste the contents of this report into your reply.
    The report can be found on your local disk, usually at C:\rapport.txt.
     
  9. peuhis

    peuhis Member

    Joined:
    May 24, 2006
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    Okay then....


    SmitFraudFix v2.47

    Scan done at 18:34:43,90, to 25.05.2006
    Run from C:\Documents and Settings\Simo Lahtinen\Omat tiedostot\Ladatut tiedostot\Afterin neuvot\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600]
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\DOCUME~1\SIMOLA~1\Suosikit\Antivirus Test Online.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
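
The two SmitFraudFix reports in this thread can be cross-checked: every path the Search run marked "FOUND !" should be accounted for before the machine is treated as clean. The following is an added example, not part of the original posts and not SmitFraudFix's own code; the report lines are excerpted from the posts above, and the function names are assumptions made for the illustration.

```python
import re
from fnmatch import fnmatchcase

# Lines excerpted from the two SmitFraudFix v2.47 reports posted in this thread.
SEARCH_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SIMOLA~1\Suosikit

C:\DOCUME~1\SIMOLA~1\Suosikit\Antivirus Test Online.url FOUND !
"""

CLEAN_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\SIMOLA~1\Suosikit\Antivirus Test Online.url Deleted
"""

# A finding or deletion line is "<drive path> FOUND !" or "<drive path> Deleted".
# The path itself may contain spaces, so the status word anchors the match.
FOUND_RE = re.compile(r"^\s*([A-Za-z]:\\.*?)\s+FOUND\s*!\s*$")
DELETED_RE = re.compile(r"^\s*([A-Za-z]:\\.*?)\s+Deleted\s*$")


def norm(path):
    """Windows paths compare case-insensitively; a trailing backslash only marks a folder."""
    return path.rstrip("\\").lower()


def extract(report, pattern):
    """Return the paths on the lines that match pattern, in report order."""
    hits = []
    for line in report.splitlines():
        m = pattern.match(line)
        if m:
            hits.append(m.group(1))
    return hits


def unconfirmed(search_report, clean_report):
    """Paths flagged by the Search run that have no matching 'Deleted' line."""
    deleted = [norm(p) for p in extract(clean_report, DELETED_RE)]
    pending = []
    for found in extract(search_report, FOUND_RE):
        # The Search report can list a wildcard (ld????.tmp), so match it as a
        # glob against the concrete deleted paths; '[' is escaped to stay literal.
        glob = norm(found).replace("[", "[[]")
        if not any(fnmatchcase(d, glob) for d in deleted):
            pending.append(found)
    return pending


if __name__ == "__main__":
    for path in unconfirmed(SEARCH_REPORT, CLEAN_REPORT):
        print("re-check:", path)
```

A path listed here is not proof that the file is still present, only that the clean report did not confirm its removal; a fresh option #1 Search settles it. regperf.exe is also the value shown under policies\explorer\run in the WinPFind log earlier in the thread, so it is the first entry to confirm.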

     
  10. Jurppis

    Jurppis Regular member

    Joined:
    Feb 22, 2006
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    26
    Are there still any problems? Did you get all the unwanted icons removed?
     
  11. peuhis

    peuhis Member

    Joined:
    May 24, 2006
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    11
    I got the unwanted icons removed, and otherwise everything seems to be working again...
    A thousand thanks for the help and the effort!!!
     
  12. Zoose

    Zoose Member

    Joined:
    May 29, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    11
    NOW THE COMPUTER IS COMPLETELY MESSED UP. I know which file is the virus, but I don't know what I should do, because it can't be deleted; I just get: close all programs that might be using this. And the virus is, by the way: l6n4lg5q16.dll
    There are other viruses on this computer too; I just don't know how to get them removed, since their paths start with: c:\system volume information <--- you can't type those as an address because they have those spaces in them. And here is the thing made with WinPFind:


    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    UPX! 22.8.2004 17:04:56 69120 C:\WINDOWS\daemon.dll

    Checking %System% folder...
    UPX! 6.1.2005 15:20:42 55296 C:\WINDOWS\SYSTEM32\34yf28fg.exe
    WinShutDown 27.5.2006 23:19:52 R S 236799 C:\WINDOWS\SYSTEM32\aftiveds.dll
    ad-w-a-r-e.com 27.5.2006 23:19:52 R S 236799 C:\WINDOWS\SYSTEM32\aftiveds.dll
    UPX! 8.10.2004 12:45:04 9728 C:\WINDOWS\SYSTEM32\authz.exe
    UPX! 26.9.2004 17:58:56 6656 C:\WINDOWS\SYSTEM32\delspy.exe
    PEC2 9.10.2001 15:00:00 41113 C:\WINDOWS\SYSTEM32\dfrg.msc
    WinShutDown 28.5.2006 17:34:20 R S 234199 C:\WINDOWS\SYSTEM32\g0lmla311d.dll
    ad-w-a-r-e.com 28.5.2006 17:34:20 R S 234199 C:\WINDOWS\SYSTEM32\g0lmla311d.dll
    WinShutDown 29.5.2006 20:03:22 R S 236375 C:\WINDOWS\SYSTEM32\guard.tmp
    ad-w-a-r-e.com 29.5.2006 20:03:22 R S 236375 C:\WINDOWS\SYSTEM32\guard.tmp
    WinShutDown 27.5.2006 23:15:12 R S 236214 C:\WINDOWS\SYSTEM32\kldhela3.dll
    ad-w-a-r-e.com 27.5.2006 23:15:12 R S 236214 C:\WINDOWS\SYSTEM32\kldhela3.dll
    WinShutDown 28.5.2006 18:24:52 R S 234919 C:\WINDOWS\SYSTEM32\KODAL.DLL
    ad-w-a-r-e.com 28.5.2006 18:24:52 R S 234919 C:\WINDOWS\SYSTEM32\KODAL.DLL
    PTech 12.7.2005 18:04:22 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    WinShutDown 27.5.2006 23:50:34 R S 234199 C:\WINDOWS\SYSTEM32\lfrt.dll
    ad-w-a-r-e.com 27.5.2006 23:50:34 R S 234199 C:\WINDOWS\SYSTEM32\lfrt.dll
    PECompact2 4.5.2006 7:26:22 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 4.5.2006 7:26:22 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
    WinShutDown 28.5.2006 17:31:20 R S 234199 C:\WINDOWS\SYSTEM32\nowddi.dll
    ad-w-a-r-e.com 28.5.2006 17:31:20 R S 234199 C:\WINDOWS\SYSTEM32\nowddi.dll
    aspack 15.9.2004 2:11:38 701952 C:\WINDOWS\SYSTEM32\ntdll.dll
    Umonitor 15.9.2004 2:11:56 661504 C:\WINDOWS\SYSTEM32\rasdlg.dll
    UPX! 8.1.2005 13:28:46 128000 C:\WINDOWS\SYSTEM32\saie2281.dll
    winsync 9.10.2001 15:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

    Checking %System%\Drivers folder and sub-folders...
    PTech 4.8.2004 8:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\lmhosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    29.5.2006 20:01:18 S 2048 C:\WINDOWS\bootstat.dat
    29.5.2006 20:01:28 H 54156 C:\WINDOWS\QTFont.qfn
    27.5.2006 23:19:52 R S 236799 C:\WINDOWS\system32\aftiveds.dll
    28.5.2006 17:34:20 R S 234199 C:\WINDOWS\system32\g0lmla311d.dll
    29.5.2006 20:03:22 R S 236375 C:\WINDOWS\system32\guard.tmp
    27.5.2006 23:15:12 R S 236214 C:\WINDOWS\system32\kldhela3.dll
    28.5.2006 18:24:52 R S 234919 C:\WINDOWS\system32\KODAL.DLL
    27.5.2006 23:50:34 R S 234199 C:\WINDOWS\system32\lfrt.dll
    28.5.2006 17:31:20 R S 234199 C:\WINDOWS\system32\nowddi.dll
    28.5.2006 20:27:56 R S 234919 C:\WINDOWS\system32\o0660ajsedo60.dll
    29.5.2006 20:03:24 H 1024 C:\WINDOWS\system32\config\default.LOG
    29.5.2006 20:01:20 H 1024 C:\WINDOWS\system32\config\SAM.LOG
    29.5.2006 20:02:30 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
    29.5.2006 22:12:00 H 1024 C:\WINDOWS\system32\config\software.LOG
    29.5.2006 22:13:40 H 20480 C:\WINDOWS\system32\config\system.LOG
    10.5.2006 22:29:40 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    22.4.2006 2:14:28 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f5b4939a-a1e5-443b-9d91-f6991ecd486e
    22.4.2006 2:14:28 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
    29.5.2006 20:01:22 H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files...
    Microsoft Corporation 15.9.2004 2:12:08 70144 C:\WINDOWS\SYSTEM32\access.cpl
    Realtek Semiconductor Corp. 14.5.2003 9:19:16 R 6843904 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
    Microsoft Corporation 15.9.2004 2:12:08 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Microsoft Corporation 15.9.2004 2:12:08 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    Microsoft Corporation 15.9.2004 2:12:08 135168 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 15.9.2004 2:12:08 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 15.9.2004 2:12:08 154624 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 15.9.2004 2:12:08 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 15.9.2004 2:12:08 129536 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 15.9.2004 2:12:08 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
    Microsoft Corporation 15.9.2004 2:12:08 68608 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 10.11.2005 14:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 9.10.2001 15:00:00 188416 C:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 15.9.2004 2:12:08 620032 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 9.10.2001 15:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 15.9.2004 2:12:08 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 15.9.2004 2:12:08 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    NVIDIA Corporation 29.10.2004 17:50:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
    Microsoft Corporation 9.10.2001 15:00:00 37376 C:\WINDOWS\SYSTEM32\nwc.cpl
    Microsoft Corporation 15.9.2004 2:12:08 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 15.9.2004 2:12:08 115200 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Apple Computer, Inc. 3.10.2003 16:14:30 314880 C:\WINDOWS\SYSTEM32\QuickTime.cpl
    Microsoft Corporation 15.9.2004 2:12:08 299008 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 9.10.2001 15:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 15.9.2004 2:12:08 93696 C:\WINDOWS\SYSTEM32\timedate.cpl
    Microsoft Corporation 15.9.2004 2:12:08 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    Microsoft Corporation 26.5.2005 4:16:30 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 9.10.2001 15:00:00 188416 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 9.10.2001 15:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 9.10.2001 15:00:00 37376 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
    Microsoft Corporation 9.10.2001 15:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 26.5.2005 4:16:30 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    28.7.2004 16:57:32 HS 84 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini
    8.8.2004 11:40:36 893 C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\EPSON Status Monitor 3 Environment Check.lnk

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    28.7.2004 17:48:16 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

    Checking files in %USERPROFILE%\Startup folder...
    28.7.2004 16:57:32 HS 84 C:\Documents and Settings\cellu 2.4\Käynnistä-valikko\Ohjelmat\Käynnistys\desktop.ini

    Checking files in %USERPROFILE%\Application Data folder...
    28.7.2004 17:48:16 HS 62 C:\Documents and Settings\cellu 2.4\Application Data\desktop.ini

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    {AA24A616-6176-4C21-888F-15BE985215AE} = C:\WINDOWS\system32\arycfilt.dll
    {A22D8EAE-D08F-4AB8-A4A7-264EA2EBDB4A} = C:\WINDOWS\system32\csmres.dll
    {BB077E04-46B3-473B-BC76-C11E2B499934} = C:\WINDOWS\system32\uperenv.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Giant AntiSpyware File Shredder
    {9838E6E3-6EE5-4434-8521-07F414BD5FEC} =
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Documents and Settings\cellu 2.4\Työpöytä\ÄLÄ KOSKE!!!\rarext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
    {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{23814B80-52A2-11d0-BC1A-004095606CB9}
    F-Secure = C:\Program Files\F-Secure Anti-Virus\Common\fpshx.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Käynnistä-valikon nasta = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Documents and Settings\cellu 2.4\Työpöytä\ÄLÄ KOSKE!!!\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{23814B80-52A2-11d0-BC1A-004095606CB9}
    F-Secure = C:\Program Files\F-Secure Anti-Virus\Common\fpshx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Documents and Settings\cellu 2.4\Työpöytä\ÄLÄ KOSKE!!!\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
    {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Päivän vihje = %SystemRoot%\System32\shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN-työkalurivi : C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{200DB664-75B5-47c0-8B45-A44ACCF73C00}
    ButtonText = Web-suodatin :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{200DB664-75B5-47c0-8B45-A44ACCF73F01}
    MenuText = Näytä &Web-sivuluettelo... : C:\Program Files\F-Secure Anti-Virus\FSPC\fspcmsie.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{200DB664-75B5-47c0-8B45-A44ACCF73F02}
    MenuText = &Keskeytä Web-sivujen suodatus : C:\Program Files\F-Secure Anti-Virus\FSPC\fspcmsie.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{200DB664-75B5-47c0-8B45-A44ACCF73F03}
    MenuText = &Kiellä tämä Web-sivusto : C:\Program Files\F-Secure Anti-Virus\FSPC\fspcmsie.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{200DB664-75B5-47c0-8B45-A44ACCF73F04}
    MenuText = &Salli tämä Web-sivusto : C:\Program Files\F-Secure Anti-Virus\FSPC\fspcmsie.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
    Shell Search Band = %SystemRoot%\system32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
    Etsintäpalkki = %SystemRoot%\System32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    =
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
    Tiedostojen etsintä -Explorer-palkki = %SystemRoot%\system32\SHELL32.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    Favorites Band = %SystemRoot%\System32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    History Band = %SystemRoot%\System32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
    Explorer Band = %SystemRoot%\System32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Lähiosoite : %SystemRoot%\System32\browseui.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Lähiosoite : %SystemRoot%\System32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Linkit : %SystemRoot%\system32\SHELL32.dll
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar :
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN-työkalurivi : C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    SoundMan SOUNDMAN.EXE
    NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    nwiz nwiz.exe /install
    NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    SetIcon C:\Program Files\SMSC\Seticon.exe
    NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
    QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
    gcasDtServ gcasDtServ.exe
    F-Secure Manager "C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
    F-Secure TNB "C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    F-Secure Startup Wizard "C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
    ATIPTA "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    KernelFaultCheck %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    AAW

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    NvCplScan nvsc32.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
    0c43a9b81d84fd6590ff511c2d5b2ef1 C:\Documents and Settings\cellu 2.4\Työpöytä\Älä koske!!\internet\SoftwareInstall.exe
    NvCplScan nvsc32.exe
    DNS C:\Program Files\Common Files\mc-110-12-0000140.exe

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item jusched
    hkey HKLM
    command C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 2


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
    LowRiskFileTypes .zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 145

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    WinUpdate.exe C:\Program Files\Windows\WinUpdate.exe

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    DisableRegistryTools 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
    = Ati2evxx.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate
    = C:\WINDOWS\system32\l6n4lg5q16.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 29.5.2006 22:14:27

    I would be REALLY grateful if someone could take the trouble to help.
     
