Järjestelmänvalvoja on poistanut tehtävienhallinnan käytöstä

Kellopeli · Mar 26, 2007

Hjt logi:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:09:30, on 26.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\program files\steam\steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7243 bytes

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Aika kyseenalasia rivejä?

yamaneko · Mar 26, 2007

Lataa Brute Force Uninstaller työpöydällesi.

Oikea-klikkaa BFU zippiä työpöydälläsi, ja valitse Pura kaikki.

Klikkaa "Seuraava"

Valikossa jossa valita mihin tiedostot puretaan,

Klikkaa "Selaa"

Klikkaa + merkkiä "Oman tietokoneen" vieressä.

Klikkaa Local Disk ( C: )

Klikkaa "Tee uusi kansio"

Kirjoita BFU

Klikkaa "Seuraava", ja poista rasti "Näytä puretut tiedostot" valinnasta ja sitten klikkaa "Valmis".

Oikea-klikkaa tässä ja valitse "Save As" (IE:ssä "Save Target As") ladataksesi Coolpics Remover.
Tallenna se kansioon jonka teit aiemmin (c:\BFU).

Klikkaa Käynnistä > Oma tietokone ja navigoi C:\BFU kansioon.

Käynnistä Brute Force Uninstaller tupla-klikkaamalla BFU.exe

Scriptline to execute kentässä kirjoita tai liitä c:\bfu\coolpics.bfu

Klikkaa Execute ja anna sen tehdä työnsä. (Sinun pitäisi nähdä edistyspalkki jos teit tämän oikein.)

Odota Complete script execution boksia ja klikkaa OK.

Klikkaa exit lopettaaksesi Brute Force Uninstallerin.

Käynnistä normaalisti uudelleen ja postita tuore HijackThis logi.

Jatkuu

Lataa Deckard's System Scanner Työpöydällesi.

Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.

Sulje kaikki avoimet ikkunat ja ohjelmat.

Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.

Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt

Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )

kopioi ja liitä main.txt ja extra.txt sisältö seuraavaan vastaukseesi.

Edit: lisäsin myös pyynnön liittää main.txt mukaan vastaukseen

Kellopeli · Mar 26, 2007

Hjt logi:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:40:23, on 26.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6867 bytes

main.txt:

Deckard's System Scanner v20070318.32
Run by HP_Administrator on 2007-03-26 at 14:37:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:38:15, on 26.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\HP_Administrator.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- Files created between 2007-02-26 and 2007-03-26 -----------------------------

2007-03-26 14:17:41 0 d-------- C:\BFU
2007-03-26 13:58:01 0 d-------- C:\WINDOWS\system32\oodag
2007-03-26 13:41:15 0 d-------- C:\Program Files\Defrag Professional<DEFRAG~1>
2007-03-26 12:58:29 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-03-26 12:58:29 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-03-26 12:58:10 0 d-------- C:\Program Files\Kaspersky Lab<KASPER~1>
2007-03-26 12:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab<KASPER~1>
2007-03-26 12:58:07 7712 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-03-26 12:58:07 1152288 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-03-26 12:57:21 0 d-------- C:\kav
2007-03-26 12:51:55 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-26 12:42:42 1087216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-26 12:42:42 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-26 00:54:40 0 d-------- C:\Program Files\Tiny Firewall Pro<TINYFI~1>
2007-03-25 18:10:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-03-25 14:27:07 0 d-------- C:\Leffat, Musiikki, Tv<LEFFAT~1>
2007-03-22 22:30:40 0 d-------- C:\Program Files\FileZilla Server<FILEZI~1>
2007-03-20 13:43:22 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\foobar2000<FOOBAR~1>
2007-03-20 13:43:16 0 d-------- C:\Program Files\foobar2000<FOOBAR~1>
2007-03-19 00:55:15 0 d-------- C:\Program Files\Red Alert 2<REDALE~1>
2007-03-17 22:39:33 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Hamachi
2007-03-17 22:39:18 17480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-03-17 20:32:38 0 d-------- C:\Program Files\Age of empires 2<AGEOFE~1>
2007-03-15 12:28:05 69632 --a------ C:\WINDOWS\RAUNINST.EXE
2007-03-13 13:43:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3<AGEOFE~1>
2007-03-13 13:27:35 0 d-------- C:\Program Files\Microsoft Games<MI9A48~1>
2007-03-12 11:55:15 0 d-------- C:\Program Files\ScummVM
2007-03-10 17:39:44 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-03-10 16:42:08 544768 -----n--- C:\WINDOWS\system32\msvcr71d.dll
2007-03-10 16:42:08 765952 -----n--- C:\WINDOWS\system32\msvcp71d.dll
2007-03-10 16:42:08 0 d-------- C:\WINDOWS\Cache
2007-03-10 16:35:44 84992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-03-10 16:35:40 95 --a------ C:\AUTOEXEC.BAT
2007-03-10 16:35:35 138752 --a------ C:\WINDOWS\system32\mase32.dll
2007-03-10 16:35:35 57856 --a------ C:\WINDOWS\system32\masd32.dll
2007-03-10 16:35:35 136192 --a------ C:\WINDOWS\system32\mamc32.dll
2007-03-10 16:35:35 196096 --a------ C:\WINDOWS\system32\macd32.dll
2007-03-10 16:35:34 27648 --a------ C:\WINDOWS\system32\ma32.dll
2007-03-10 16:35:07 171008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys<MARVIN~1.SYS>
2007-03-10 16:34:50 41219 --a------ C:\WINDOWS\RSETPATH.exe
2007-03-10 16:33:26 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-10 16:33:20 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll<PCLEGE~1.DLL>
2007-03-10 16:32:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio<PINNAC~1>
2007-03-09 19:58:06 25734 --a------ C:\WINDOWS\system32\drivers\klop.dat
2007-03-09 19:52:52 200768 --a------ C:\WINDOWS\system32\klogon.dll
2007-03-03 20:39:06 110360 --a------ C:\WINDOWS\system32\drivers\kl1.sys

-- Find3M Report ---------------------------------------------------------------

2007-03-26 14:28:06 0 d-------- C:\Program Files\Steam
2007-03-26 13:45:34 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2007-03-26 12:43:02 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-26 12:40:14 0 d---s---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft<MICROS~1>
2007-03-25 17:35:39 0 d-------- C:\Program Files\RevConnect<REVCON~1>
2007-03-25 14:22:11 0 d-------- C:\Program Files\Valve Hammer Editor<VALVEH~1>
2007-03-25 13:34:40 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-25 01:11:00 0 d-------- C:\Program Files\Mozilla Thunderbird<MOZILL~2>
2007-03-24 19:57:37 0 d--h----- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-24 19:19:29 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2007-03-24 11:05:12 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2007-03-23 20:24:22 0 d-------- C:\Program Files\mIRC
2007-03-22 03:39:19 0 d-------- C:\Program Files\TuneUp Utilities 2007<TUNEUP~1>
2007-03-13 13:21:22 0 d-------- C:\Program Files\Ubisoft
2007-03-11 20:55:51 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-03-09 14:35:32 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-03-09 14:26:12 0 d-------- C:\Program Files\The All-Seeing Eye<THEALL~1>
2007-03-02 21:56:37 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\.gaim<GAIM~1>
2007-02-22 00:16:50 79012 --a------ C:\WINDOWS\hpfins05.dat
2007-02-21 23:43:08 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2007-02-20 20:35:34 0 d-------- C:\Program Files\Azureus
2007-02-19 15:17:06 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-19 15:14:17 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-02-15 13:45:36 707344 --a------ C:\WINDOWS\system32\oodag.exe
2007-02-15 13:34:30 217360 --a------ C:\WINDOWS\system32\oodbs.exe
2007-02-15 13:16:20 11536 --a------ C:\WINDOWS\system32\oodbsrs.dll
2007-02-15 13:16:10 17168 --a------ C:\WINDOWS\system32\oodagrs.dll
2007-02-15 13:15:58 17168 --a------ C:\WINDOWS\system32\oodagmg.dll
2007-02-15 09:44:32 16656 --a------ C:\WINDOWS\system32\ootmapi.dll
2007-02-14 01:39:35 0 d-------- C:\Program Files\ffdshow
2007-02-13 17:09:48 0 d-------- C:\Program Files\IrfanView<IRFANV~1>
2007-02-12 18:12:11 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-12 02:58:38 32 --a------ C:\WINDOWS\go
2007-02-07 23:28:01 0 d-------- C:\Program Files\FlashFXP
2007-02-06 15:40:13 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-02-06 15:40:13 0 d-------- C:\Program Files\TrackMania United<TRACKM~2>
2007-02-06 15:40:13 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-02-06 15:40:13 0 d-------- C:\Program Files\QuickTime Alternative<QUICKT~1>
2007-02-06 15:40:13 0 d-------- C:\Program Files\Microsoft Works<MICROS~2>
2007-02-06 15:40:13 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-06 15:40:13 0 d--h----- C:\Program Files\GemMaster<GEMMAS~1>
2007-02-06 15:40:13 0 d--h----- C:\Program Files\EnglishOtto<ENGLIS~1>
2007-02-03 04:48:27 0 d-------- C:\Program Files\B2BPOKER
2007-01-31 20:45:00 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\.ABC<ABC~1>
2007-01-31 14:16:20 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent<BITTOR~1>
2007-01-28 12:09:15 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\gtk-2.0
2007-01-26 14:31:37 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\FlashFXP
2007-01-26 04:27:32 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-01-26 04:22:58 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Corel
2007-01-26 04:22:56 88 -r-hs---- C:\WINDOWS\system32\4687B4919E.sys<4687B4~1.SYS>
2007-01-25 15:32:59 1 --a------ C:\WINDOWS\system32\SI.bin
2007-01-24 16:27:30 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll<XA3066~1.DLL>
2007-01-19 13:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-18 15:28:26 37 --a------ C:\WINDOWS\r007
2007-01-12 14:32:23 34308 --a------ C:\WINDOWS\system32\Chip.dll
2007-01-09 19:46:02 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-01-08 16:30:42 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll<X3DAUD~2.DLL>
2007-01-07 16:04:51 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ftutil2"="rundll32.exe ftutil2.dll,SetWriteCacheMode"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"ATICCC"="\"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwavscan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwavscan"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"freenet-darknet"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command

-- End of Deckard's System Scanner: finished at 2007-03-26 at 14:38:39 ---------

extra.txt:

Deckard's System Scanner v20070318.32
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3400+
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1022.48 MiB / 606.88 MiB
Pagefile Memory (total/avail): 2458.46 MiB / 2107.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1983.97 MiB

C: is Fixed (NTFS) - 225.87 GiB total, 73.09 GiB free.
D: is Fixed (FAT32) - 6.99 GiB total, 1.77 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: ZoneAlarm Pro Firewall v7.0.302.000 (Check Point, LTD.) Disabled
FW: Norton Internet Security v2007 (Symantec Corporation)
FW: Norton 360 v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)
AV: Kaspersky Anti-Virus v6.0.2.621 () Disabled
AV: F-Secure Anti-Virus Client Security 6.02 v6.02 (F-Secure Corporation)
AV: Norton 360 v2007 (Symantec Corporation)

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HALLILA2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\HALLILA2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PYTHON22;C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=HALLILA2
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{7B76034B-B3ED-46D5-8C66-DEB102CB830A}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Command & Conquer Red Alert 2 --> C:\Program Files\Red Alert 2\Uninstll.EXE
Command && Conquer Red Alert 2 - Yuri's Revenge --> C:\Program Files\Red Alert 2\Uninstll.EXE
Counter-Strike(TM) --> MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
ffdshow [rev 896] [2007-02-08] --> "C:\Program Files\ffdshow\unins000.exe"
FileZilla Server (remove only) --> "C:\Program Files\FileZilla Server\uninstall.exe"
FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
foobar2000 v0.9.4.2 --> "C:\Program Files\foobar2000\uninstall.exe"
Foxit Reader --> C:\Program Files\Foxit Reader\Uninstall.exe
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
GTK+ Runtime 2.10.6 rev a (vain poisto) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.0 --> "C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet 3900 series --> C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive --> MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Image Zone for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Localization Pack for Microsoft Windows XP Media Center Edition --> MsiExec.exe /I{9E667C7C-F80C-4B91-BCBA-01CBA164A5E9}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MainConcept for Software Encoder --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{E7A02A01-C75A-4490-A168-5CA709A3D862}
Max Payne 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\setup.exe" -l0x9
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{2EF8368A-5670-45C0-82F1-D7B00F7E7AB8}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5.0.8) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5.0.8 (fi)"
MUI Help Package - FIN --> C:\WINDOWS\$NtUninstallKB841625_FIN$\spuninst\spuninst.exe
Nero 7 Premium --> MsiExec.exe /I{4908C75E-E5E2-43F7-B1DF-023CBA831033}
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime Alternative 1.76 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.51 --> "C:\Program Files\Real Alternative\unins000.exe"
RevConnect --> "C:\Program Files\RevConnect\uninstall.exe"
ScummVM 0.7.1 --> "C:\Program Files\ScummVM\unins000.exe"
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
The Settlers II - 10th Anniversary --> "C:\Program Files\Ubisoft\Funatics\The Settlers II - 10th Anniversary\uninstall.exe"
TrackMania United 0.2.0.0 --> "C:\Program Files\TrackMania United\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Valve Hammer Editor --> C:\PROGRA~1\VALVEH~1\UNWISE.EXE C:\PROGRA~1\VALVEH~1\INSTALL.LOG
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
Westwood Shared Internet Components --> C:\Program Files\Red Alert 2\Shared Internet Components\UnstllAP.EXE
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

-- End of Deckard's System Scanner: finished at 2007-03-26 at 14:37:04 ---------

Toivottavasti toi nyt tuli niinkun pitikin kun tuli vähän mutkia matkaan.

yamaneko · Mar 26, 2007

Mitä mutkia tuli matkaan?

Kellopeli · Mar 26, 2007

Eipä kyl mitään vakavaa, mutta oli vähän ongelmaa ton Deckard's System Scannerin kanssa kun oli väärä versio Hijackthis:sta ja jouduin ajaan ton ohjelman pariin otteeseen.

yamaneko · Mar 26, 2007

Mikä antivirus ja palomuuri sinulla on nyt käytössäsi?

1. Tallenna Hijackthis omaan kansioon, esim. C:\Hjt\Hijackthis.exe

2. Käynnistä Hijackthis ja valitse Do a system scan only ja valitse seuraavat rivit

O3 - Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file)
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

4. Valitse lopuksi Fix checked

5. Mene http://www.virustotal.com/ ja lähetä seuraava tiedosto:
(valitse Choose, etsi ao. tiedosto, lopuksi Send)

C:\WINDOWS\system32\4687B4919E.sys

ja ilmoita mahdollista löydöksistä

6. Ota ensin rekisteristä näin varmuuskopio:

Suorita -> regedit -> ok. Sitten Tiedosto -> Vie. Kirjoita sille joku nimi ja sitten Tallenna(ja laita muistiin, mihin tallensit sen).

Sitten tallenna tämä alla oleva tekstinpätkä nimellä fix.reg vaikka muistiossa ja vaikka työpöydälle (tallennusmuoto kaikki tiedostot)

--- Alkaa - älä laita tätä riviä mukaan ---
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000
--- Loppuu - älä laita tätä riviä mukaan ---

Tuplaklikkaa fix.reg ja paina Kyllä ja OK.

7. Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta

Käynnistä AVG Anti-Spyware.

Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.

Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.

Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.

Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".

Sitten "Reports" valikon alta:

Laita täppi kohtaan "Automatically generate report after every scan"

Ota täppi pois kohdasta"Only if threats were found"

Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa

"Resident shield is", muuta tila active:sta inactive:ksi

Sulje ohjelma, ÄLÄ skannaa vielä.

Käynnistä koneesi vikasietotilaan, Ohje!

HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.

Kun vikasietotilassa, käynnistä AVG Anti-Spyware.

Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".

AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.

Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"

Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.

Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"

Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.

Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.

Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG Anti-Spyware:n raportti viestikejuusi.

Log in or Sign up

Järjestelmänvalvoja on poistanut tehtävienhallinnan käytöstä

Kellopeli Guest

yamaneko Senior member

Kellopeli Guest

yamaneko Senior member

Kellopeli Guest

yamaneko Senior member

Share This Page

Log in or Sign up

Järjestelmänvalvoja on poistanut tehtävienhallinnan käytöstä

Kellopeli Guest

yamaneko Senior member

Kellopeli Guest

yamaneko Senior member

Kellopeli Guest

yamaneko Senior member

Share This Page

Useful Searches