The machine has been run through Microsoft Antispyware, Spybot, Ad-Aware and EasyCleaner. Did anything still get left behind? This is a friend's machine.

Logfile of HijackThis v1.99.1
Scan saved at 21:17:20, on 26.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\brsvc01a.exe
G:\WINDOWS\system32\brss01a.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\WINDOWS\system32\Brmfrmps.exe
G:\WINDOWS\system32\mgabg.exe
G:\Program Files\Spyware Doctor\sdhelp.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\wdfmgr.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\alg.exe
G:\Program Files\Google\Gmail Notifier\gnotify.exe
G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
G:\Program Files\ForceShutdown\fsd.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\WINDOWS\system32\PDesk.exe
G:\Program Files\Microsoft AntiSpyware\gcasServ.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
G:\Program Files\Spyware Doctor\swdoctor.exe
G:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
G:\Program Files\Down2Home\Down2Home.exe
G:\Program Files\Logitech\SetPoint\SetPoint.exe
G:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
G:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
G:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - G:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - G:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - G:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] G:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "G:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] G:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] G:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Force Shutdown] G:\Program Files\ForceShutdown\fsd.exe
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] G:\WINDOWS\system32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [gcasServ] "G:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] G:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "G:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Down2Home.lnk = G:\Program Files\Down2Home\Down2Home.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = G:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
O8 - Extra context menu item: &Translate English Word - res://G:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://G:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://G:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://G:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://G:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - G:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Palvelut - {0BE8000B-D38D-488C-A1DB-6D0A6C966F00} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {90E57A2B-2DBC-41A2-98A4-2BB14B1ED2AD} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {D555FBAD-A0AA-40BC-B682-745817EA674A} - http://tuki.elisa.net/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.fi
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125603824281
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37380.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - G:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - G:\WINDOWS\system32\brsvc01a.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - G:\WINDOWS\system32\mgabg.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - G:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe

Control Panel, Add/Remove Programs, remove: Need2Find... (if present)

Fix (Do a system scan only, tick the entries, close other programs, press Fix checked):
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - G:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW

Safe Mode (F8 at startup): G:\Program Files\-->Need2Find<--

Download ewido: -> http://www.ewido.net/en/download/
Update it, scan the whole machine, remove what it finds and post its report here.

Then also run KazaaBegone so that the last remnants go too. It usually always finds something. http://koti.mbnet.fi/pattaya1/kazaabegone.htm

ewido log

Scan result:
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-725345543-1547161642-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} -> Spyware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-725345543-1547161642-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-725345543-1547161642-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-90F0-F66AB581A933} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-725345543-1547161642-682003330-1004\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-725345543-1547161642-682003330-1004\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
:mozilla.20:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.21:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.28:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.40:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.48:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.52:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.53:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.59:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.60:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.61:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.62:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.65:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.66:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.68:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.69:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.76:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.92:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.160:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.161:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.162:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.167:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.179:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.190:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.191:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.192:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.194:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.195:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.196:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.211:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.217:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.221:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.224:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.236:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.237:C:\WINDOWS\Profiles\jussi\Application Data\Mozilla\Firefox\Profiles\ari8f7q3.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\WINDOWS\Profiles\jussi\Cookies\jussi@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\WINDOWS\Profiles\jussi\Cookies\jussi@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\Profiles\jussi\Cookies\jussi@ilead.itrack[2].txt -> Spyware.Cookie.Itrack : Cleaned with backup
C:\System Volume Information\_restore{6D360745-769B-4EEF-98D9-8A549778DA3A}\RP95\A0012514.DLL -> Spyware.P2PNetworking : Cleaned with backup
C:\System Volume Information\_restore{6D360745-769B-4EEF-98D9-8A549778DA3A}\RP95\A0012516.exe -> Spyware.P2PNetworking : Cleaned with backup
C:\System Volume Information\_restore{6D360745-769B-4EEF-98D9-8A549778DA3A}\RP95\A0012519.exe -> Spyware.P2PNetworking : Cleaned with backup
:mozilla.17:G:\Documents and Settings\juhani louento\Application Data\Mozilla\Firefox\Profiles\8mblcgzr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.19:G:\Documents and Settings\juhani louento\Application Data\Mozilla\Firefox\Profiles\8mblcgzr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
G:\Program Files\Uninstall Need2Find Bar.dll -> Spyware.MySearch : Cleaned with backup

Logfile of HijackThis v1.99.1
Scan saved at 11:01:06, on 27.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\brsvc01a.exe
G:\WINDOWS\system32\brss01a.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\WINDOWS\system32\Brmfrmps.exe
G:\Program Files\ewido\security suite\ewidoctrl.exe
G:\Program Files\ewido\security suite\ewidoguard.exe
G:\Program Files\Google\Gmail Notifier\gnotify.exe
G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
G:\Program Files\ForceShutdown\fsd.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\WINDOWS\system32\PDesk.exe
G:\Program Files\Microsoft AntiSpyware\gcasServ.exe
G:\WINDOWS\system32\ctfmon.exe
G:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
G:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
G:\WINDOWS\system32\mgabg.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\Program Files\Skype\Phone\Skype.exe
G:\Program Files\Down2Home\Down2Home.exe
G:\Program Files\Logitech\SetPoint\SetPoint.exe
G:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
G:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
G:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja dna Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - G:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] G:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "G:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] G:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] G:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] G:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Force Shutdown] G:\Program Files\ForceShutdown\fsd.exe
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] G:\WINDOWS\system32\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [gcasServ] "G:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] G:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Down2Home.lnk = G:\Program Files\Down2Home\Down2Home.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = G:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.dnainternet.fi
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125603824281
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37380.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - G:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - G:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - G:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - G:\WINDOWS\system32\mgabg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe