Kone lopettaa reagoimisen

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Dezliur, Feb 18, 2007.

  1. Dezliur

    Dezliur Guest

    Eli kone lopettaa välillä reagoimisen hiireen, ctrl,alt+delete eli kaikkeen. Siihen ei auta muu kuin buutti ja sen jälkeen kone toimii taas jonkin aikaa normaalisti. Lämmöt ovat normaalit (?), korkein lämpötilä on näyttiksellä 45 levossa.

    Tässä HijackThis-logi:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:20:16 PM, on 02/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    C:\Program Files\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\Program Files\Avast4\ashSimpl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Lataa FlashGetillä
    - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Lataa kaikki FlashGetillä
    - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Pelit\Poker.com\poker.exe (HKCU)
    O15 - Trusted Zone: *.windowsupdate.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138038965031
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    Tätäkin kirjottaessa meni hetki, kun kone rupesi tökkimään.
     
    Dezliur, Feb 18, 2007
    #1
  2. Hujo

    Hujo Guest

    scannaa hjt:llä merkkaa paina Fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O20 - Winlogon Notify: WBSrv - C:\WINDOWS\


    laita piilotiedostot näkyviin
    * Klikkaa Käynnistä.
    * Avaa Oma Tietokone.
    * Valitse Työkalut ylämenusta ja klikkaa Kansion asetukset.
    * Valitse Näytä välilehti.
    * Piilotiedostot/kansiot kohdalla valitse Näytä piilotetut tiedostot ja kansiot.
    * Poista rasti ruudusta -> Piilota suojatut käyttöjärjestelmätiedostot
    * Klikkaa Kyllä varmistaaksesi muutokset.
    * Klikkaa OK.


    Poista vikasiedossa
    C:\WINDOWS\SecureWin31.dll

    aja escan
    Ohjeet tuolla sivulla.
    http://koti.mbnet.fi/pattaya1/escanmwav.htm
    lataa tuosta
    http://www.spywareinfo.dk/download/mwav.exe
    päivitä tuosta
    http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
    laita täpit merkkauksien mukaan
    http://koti.mbnet.fi/pattaya1/eScan6.jpg

    scannaa

    jos ala luukkuun tulee jotain niin kopioi se näin:
    Käytä komentoa Ctrl+A.
    Kopioi rivit komennolla Ctrl+C.
    Liitä rivit komennolla Ctrl+V.

    Laita virus log tänne.

     
    Hujo, Feb 18, 2007
    #2
  3. Dezliur

    Dezliur Guest

    Tota SecureWin31.dll ei löydy, löyty vaan SecureWin32.exe. Voiko ton escanin ajaa siitä huolimatta?
     
    Last edited by a moderator: Feb 18, 2007
    Dezliur, Feb 18, 2007
    #3
  4. Hujo

    Hujo Guest

    Voi ajaa
     
    Hujo, Feb 18, 2007
    #4
  5. Dezliur

    Dezliur Guest

    File C:\Documents and Settings\Henri\Application Data\SecuROM\UserData\???????????p???????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\Henri\Application Data\SecuROM\UserData\???????????p??????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\Program Files\Everest Poker\Everest Poker.exe tagged as not-a-virus:AdWare.Win32.Casino.af. No Action Taken.
    File C:\Program Files\mIRC\backup\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.
    File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.
    File C:\Temp\mirc617.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.617. No Action Taken.


    Tossa toi escanin logi. Ajoin sen vikasietotilassa, jos sillä on merkitystä
     
    Dezliur, Feb 18, 2007
    #5
  6. Hujo

    Hujo Guest

    Tuosta vielä ccleaner

    lataa tuolta http://www.ccleaner.com/download/builds.aspx
    CCleaner v1.34.407 - Basic, joka EI sisällä Yahoo toolbaria !

    laita asetukset näin:
    Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot.

    aja puhistaja > tutki > putsaa oikea alakulma
    aja virheet > etsi rekisteri virheitä > Korjaa rekisteri virheet.
     
    Hujo, Feb 18, 2007
    #6
  7. Dezliur

    Dezliur Guest

    Last edited by a moderator: Feb 19, 2007
    Dezliur, Feb 19, 2007
    #7
  8. Hujo

    Hujo Guest

    Lataa SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.zip ja tallenna se työpöydällesi.

    Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi:
    • Käynnistä tietokone
    • Kun kuulet koneen piippaavan, paina F8, kuitenkin ennen Windowsin logon esiintuloa
    • Seuraavaksi pitäisi ilmestyä valikko
    • Valitse valikosta vikasietotila.

    • Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
    • Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
    • Paina Y käynnistääksesi skriptin.
    • Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
    • Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
    • Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
    • Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
    • Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
    • Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.

    ainahan sitä kaivaa voi :)
     
    Last edited by a moderator: Feb 19, 2007
    Hujo, Feb 19, 2007
    #8
  9. Dezliur

    Dezliur Guest

    Tässä Sdfix:n raportti:



    SDFix: Version 1.66

    Run by Henri - 02/19/2007 @ 19:10:45.29

    Microsoft Windows XP [versio 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:

    Path:


    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found...




    ADS Check:

    C:\WINDOWS\system32
    No streams found.


    Final Check:

    Remaining Services:
    ------------------


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
    "C:\\Temp\\utorrent-1.4.2-beta-build-431.exe"="C:\\Temp\\utorrent-1.4.2-beta-build-431.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
    "C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
    "C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat:*:Enabled:patchgrabber"
    "C:\\Pelit\\UT2004\\System\\UT2004.exe"="C:\\Pelit\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\\Pelit\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Pelit\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
    "C:\\Pelit\\The Battle for Middle-earth (tm) II\\game.dat"="C:\\Pelit\\The Battle for Middle-earth (tm) II\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
    "C:\\Pelit\\BestPoker\\jre\\bin\\javaw.exe"="C:\\Pelit\\BestPoker\\jre\\bin\\javaw.exe:*:Enabled:javaw"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Pelit\\Warcraft III\\Warcraft III.exe"="C:\\Pelit\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\\Pelit\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Pelit\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
    "C:\\Pelit\\HalfLife2\\hl2.exe"="C:\\Pelit\\HalfLife2\\hl2.exe:*:Enabled:hl2"
    "C:\\Documents and Settings\\Henri\\Työpöytä\\utorrent-1.6-beta-build-467.exe"="C:\\Documents and Settings\\Henri\\Työpöytä\\utorrent-1.6-beta-build-467.exe:*:Enabled:µTorrent"
    "C:\\Temp\\utorrent-1.6-beta-build-467.exe"="C:\\Temp\\utorrent-1.6-beta-build-467.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Filetopia3\\Filetopia.exe"="C:\\Program Files\\Filetopia3\\Filetopia.exe:*:Enabled:Filetopia"
    "C:\\Program Files\\MiniShare\\minishare.exe"="C:\\Program Files\\MiniShare\\minishare.exe:*:Enabled:minishare"
    "C:\\Program Files\\eDonkey2000\\edonkey2000.exe"="C:\\Program Files\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\WASTE\\WASTE.exe"="C:\\Program Files\\WASTE\\WASTE.exe:*:Enabled:Waste Secure Network"
    "C:\\Program FilesG\\NUnet\\bin\\gnunetd.exe"="C:\\Program FilesG\\NUnet\\bin\\gnunetd.exe:*:Enabled:gnunetd"
    "C:\\Program Files\\Piolet\\Piolet.exe"="C:\\Program Files\\Piolet\\Piolet.exe:*:Enabled:piolet"
    "C:\\Program Files\\Mute\\MUTE\\fileSharingMUTE.exe"="C:\\Program Files\\Mute\\MUTE\\fileSharingMUTE.exe:*:Enabled:fileSharingMUTE"
    "C:\\Program Files\\GNUnet\\bin\\gnunet-update.exe"="C:\\Program Files\\GNUnet\\bin\\gnunet-update.exe:*:Enabled:gnunet-update"
    "C:\\Program Files\\GNUnet\\bin\\gnunetd.exe"="C:\\Program Files\\GNUnet\\bin\\gnunetd.exe:*:Enabled:gnunetd"
    "C:\\Temp\\utorrent.exe"="C:\\Temp\\utorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\ABC\\abc.exe"="C:\\Program Files\\ABC\\abc.exe:*:Enabled:abc"
    "C:\\Program Files\\RevConnect\\DCPlusPlus.exe"="C:\\Program Files\\RevConnect\\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


    Remaining Files:
    ---------------



    Checking For Files with Hidden Attributes :

    C:\Documents and Settings\Henri\Application Data\Microsoft\Windows Live Call\henri@hotmail.com\UserConfiguration.dat
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\install.rdf
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\add_large.png
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\add_small.png
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\close16x16.png
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\dim.png
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\logo.png
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\phishing-afterload-warning-message.css
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\protection-opt.css
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\protection-opt.xul
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\protection-overlay.css
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\protection-overlay.xul
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\protection-preferences.css
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\protection-preferences.xul
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\protection.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\safebrowsinglogo.png
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\tail.png
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\textbutton.css
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\textbutton.xml
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\warning16x16.png
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\warning24x24.png
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\warning32x32.png
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\content\warning48x48.png
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\locale\en-US\phishing-afterload-warning-message.dtd
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\chrome\chromeFiles\locale\en-US\protection.dtd
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\components\loader.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\defaults\preferences\prefs.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\application.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\browser-view.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\controller.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\enchash-decrypter.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox-commands.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\globalstore.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\listmanager.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\map.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\phishing-afterload-displayer.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\phishing-warden.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\reporter.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\tr-fetcher.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\trtable.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\url-canonicalizer.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\url-crypto-key-manager.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\url-crypto.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\wireformat.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\xml-fetcher.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\alarm.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\base64.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\cryptohasher.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\debug.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\filesystem.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\lang.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\navwatcher.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\objectsafemap.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\observer.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\preferences.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\protocol4.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\tabbedbrowserwatcher.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\firefox\updater.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\google3\arc4.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\google3\eventregistrar.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\google3\lang.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\google3\listdictionary.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\lib\google3\thread-queue.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\META-INF\manifest.mf
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\META-INF\zigbert.rsa
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\safebrowsing@google.com\META-INF\zigbert.sf
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\splash@aldreneo.com\install.rdf
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\splash@aldreneo.com\chrome\splash.jar
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\splash@aldreneo.com\components\.autoreg
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\splash@aldreneo.com\components\splash.js
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\splash@aldreneo.com\defaults\preferences\splash.js
    C:\Documents and Settings\Henri\Application Data\OpenOffice.org2\user\registry\cache\org.openoffice.Office.Commands.dat
    C:\Documents and Settings\Henri\Application Data\OpenOffice.org2\user\registry\cache\org.openoffice.Office.Common.dat
    C:\Documents and Settings\Henri\Application Data\OpenOffice.org2\user\registry\cache\org.openoffice.Office.Compatibility.dat
    C:\Documents and Settings\Henri\Application Data\Opera\Opera\profile\images\portal.opera.com.ico
    C:\Documents and Settings\Henri\Application Data\Opera\Opera\profile\images\warpsurf.com.ico
    C:\Documents and Settings\Henri\Application Data\Opera\Opera\profile\images\widgets.opera.com.ico
    C:\Documents and Settings\Henri\Application Data\Opera\Opera\profile\images\www.kaannos.com.ico
    C:\Documents and Settings\Henri\Application Data\Opera\Opera\profile\images\www.triviabucks.com.ico
    C:\Documents and Settings\Henri\Application Data\SmartBarXP\Henri\Panes\Dictionary.com.sbnews
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Backgrounds\H0C+m00zJnUEpqvrpUwmEeNk+m4=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Backgrounds\IA9vmN0qT34TQ+xiZbPmcxeXUDg=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Backgrounds\lCyhu24yMQt+CJlbGST3Jy9+KEI=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Backgrounds\VfEKKH2K+gUzhtlVXHIvzB2twQ0=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Backgrounds\VoP12bdqQyV2pOm1b3Quh6qvYdc=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\CustomEmoticons\4Z3y2F5Kq0R8DuKvU2Q0hgPvKr8w=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\CustomEmoticons\8EN8+yNPVxlbN+8TWtB6iOa2FKuc=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\CustomEmoticons\Iy9N60IjEls2YRkKhVgXyF2dyEw=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\CustomEmoticons\Pcqt1j6drJm+dQhAGIKnJqK5UV4=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\DynamicBackgrounds\axF7a0ekuiAc7WjQjNmjxYpRX6Q=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\DynamicBackgrounds\B3VEl5u5DvNzgIua1+Zd4Uxt2FLs=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\DynamicBackgrounds\hyiJu8sDcRCbJhl+Ccy2CjQR8lA=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\DynamicBackgrounds\jdI6F7DFhC2OSW2FJWOBKjulvAds=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\UserTile\2st2FsKrrNgIW+2FsHsFeE3FT0QQ8=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\UserTile\9B4e2FRmT2F8sQtGAyCFmTnqlfWhI=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\UserTile\bL0vR+gYGm6YYzAWThpOk5Kj1bk=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\UserTile\dsP7utnSPHNQrL9F2TsXNtszh1M=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\UserTile\LU9e09HVMsArY6nIgkUK7RfyqQo=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\UserTile\S4gUrfdjo5D22FhwJc86Et8YIPpE=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\2FH8ZlCgRS9ylfaoL+gwFHzKeyp8=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\5SYAzoFL2Gum2FEN2uLskOiDM0aE=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\72FjqK0b2FzFkbJWZ+BlMs1OxQprI=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\alxGH2FFbmTzeLEdtRHmv6GBUzdw=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\AzBXDxf+Tcdvcans2TCRnoXh2Fjg=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\cVSciIVsuvAp2F2NRMtTfqFLbJ0Y=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\enMqwlYLN4AvpmaOrIfYLWsVAdA=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\ioAfCdA6Kn0hKsu+Ga1jHJ1UCG8=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\lnHW2s0zHIsgKVjOiirk1ZBZ54g=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\Sgj64GS+QyVyVxkslxY2FFsRARkg=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\SrJJm7YJAcA15VowAhBWXri5yLc=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\tn+dOhziBZ+E4zoUS7frcglxoz0=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\xuzmdPrmqAzU7Ebd0TWqBqcGoKA=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\y4sf3+OJfBypHvYJRsGeAR2FqVd4=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\henri@hotmail.com\ObjectStore\Winks3\Zh9cZsOdVXAK4fAulijLqPGggcA=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Backgrounds\H0C+m00zJnUEpqvrpUwmEeNk+m4=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Backgrounds\IA9vmN0qT34TQ+xiZbPmcxeXUDg=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Backgrounds\lCyhu24yMQt+CJlbGST3Jy9+KEI=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Backgrounds\VfEKKH2K+gUzhtlVXHIvzB2twQ0=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Backgrounds\VoP12bdqQyV2pOm1b3Quh6qvYdc=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\DynamicBackgrounds\axF7a0ekuiAc7WjQjNmjxYpRX6Q=.dt2
    C:\Documents and Settings\Henri\
    Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\DynamicBackgrounds\B3VEl5u5DvNzgIua1+Zd4Uxt2FLs=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\DynamicBackgrounds\hyiJu8sDcRCbJhl+Ccy2CjQR8lA=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\DynamicBackgrounds\jdI6F7DFhC2OSW2FJWOBKjulvAds=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\UserTile\2st2FsKrrNgIW+2FsHsFeE3FT0QQ8=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\UserTile\9B4e2FRmT2F8sQtGAyCFmTnqlfWhI=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\UserTile\bL0vR+gYGm6YYzAWThpOk5Kj1bk=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\UserTile\cU08SOANXcAgQxTGKQGU5rGg2Fu8=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\UserTile\CvuEm8CpXHiNcs6mppRHbUzGDDg=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\UserTile\CWKlKODMVbRMwdc1yYpgQN4+sAA=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\UserTile\hdZWjoWdfi9yi7efuraGbapqhuM=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\UserTile\LU9e09HVMsArY6nIgkUK7RfyqQo=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\UserTile\rk0zfK+JAyq3qcR5oRQlCs0IPC0=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\UserTile\S4gUrfdjo5D22FhwJc86Et8YIPpE=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\UserTile\VXRmTeZ3ivxmFNtkgipnm4gY7XE=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\2FH8ZlCgRS9ylfaoL+gwFHzKeyp8=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\5SYAzoFL2Gum2FEN2uLskOiDM0aE=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\72FjqK0b2FzFkbJWZ+BlMs1OxQprI=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\alxGH2FFbmTzeLEdtRHmv6GBUzdw=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\AzBXDxf+Tcdvcans2TCRnoXh2Fjg=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\cVSciIVsuvAp2F2NRMtTfqFLbJ0Y=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\enMqwlYLN4AvpmaOrIfYLWsVAdA=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\ioAfCdA6Kn0hKsu+Ga1jHJ1UCG8=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\lnHW2s0zHIsgKVjOiirk1ZBZ54g=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\Sgj64GS+QyVyVxkslxY2FFsRARkg=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\SrJJm7YJAcA15VowAhBWXri5yLc=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\tn+dOhziBZ+E4zoUS7frcglxoz0=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\xuzmdPrmqAzU7Ebd0TWqBqcGoKA=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\y4sf3+OJfBypHvYJRsGeAR2FqVd4=.dt2
    C:\Documents and Settings\Henri\Local Settings\Application Data\Microsoft\Messenger\r0skaa@hotmail.com\ObjectStore\Winks3\Zh9cZsOdVXAK4fAulijLqPGggcA=.dt2
    C:\Documents and Settings\Henri\Application Data\EHEncrypt.dll
    C:\Documents and Settings\Henri\Application Data\EHMD5.dll
    C:\Documents and Settings\Henri\Application Data\EHZComp.dll
    C:\Documents and Settings\Henri\Application Data\MBSEncryptPlugin1636.dll
    C:\Documents and Settings\Henri\Application Data\MBSFolderitemsCreatePlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSIconPlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSMacOSXPlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSMainPlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSMemoryPlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSPictureMacPlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSPicturePlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSPluginVersionPlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSProcessPlugin1636.dll
    C:\Documents and Settings\Henri\Application Data\MBSQTImporterPlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSQuickTimePlugin1636.dll
    C:\Documents and Settings\Henri\Application Data\MBSRectPlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSRegistrationPlugin1636.dll
    C:\Documents and Settings\Henri\Application Data\MBSRegistryPlugin1636.dll
    C:\Documents and Settings\Henri\Application Data\MBSResPlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSResStreamPlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSUsernamePlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\MBSWinPlugin1635.dll
    C:\Documents and Settings\Henri\Application Data\rbap450.dll
    C:\Documents and Settings\Henri\Application Data\rbqt450.DLL
    C:\Documents and Settings\Henri\Application Data\RBShell400.dll
    C:\Documents and Settings\Henri\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\components\FoxyTunes.dll
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\components\FoxyTunes.dll.linux
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\components\FoxyTunes.dll.mac
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\components\FoxyTunes.dll.macintel
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\components\FoxyTunes.dll.uninstalled
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\{5f4d6580-3b28-11db-a98b-0800200c9a66}\dictionaries\soikko\libsoikko.dll
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\{5f4d6580-3b28-11db-a98b-0800200c9a66}\platform\WINNT\components\myspell.dll
    C:\Documents and Settings\Henri\Application Data\Mozilla\Firefox\Profiles\q2i4x06u.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\platform\WINNT_x86-msvc\components\mgMouseService.dll
    C:\Documents and Settings\Henri\Application Data\System Requirements Lab\SRLProxyE.dll
    C:\Documents and Settings\Henri\Application Data\System Requirements Lab\SRLProxyF.dll
    C:\Documents and Settings\Henri\Application Data\System Requirements Lab\SRLProxyG.dll
    C:\Documents and Settings\Henri\Application Data\System Requirements Lab\SRLProxyH.dll
    C:\Documents and Settings\Henri\Application Data\ezpinst.exe
    C:\Documents and Settings\Henri\Application Data\.ABC\torrent\Slysoftin huippu viisikko (090107)h1k.exe.torrent
    C:\Documents and Settings\Henri\Application Data\.ABC\torrentinfo\Slysoftin huippu viisikko (090107)h1k.exe.torrent.info
    C:\Documents and Settings\Henri\Application Data\LimeWire\.NetworkShare\Incomplete\T-2840440-LimeWireWin4.10.9.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{1FEB6B31-0AA1-43BC-B807-8A95B2249596}\NewShortcut1.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{1FEB6B31-0AA1-43BC-B807-8A95B2249596}\NewShortcut3.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{37532E9B-B21C-4951-B84B-CD2B4E8602E1}\ARPPRODUCTICON.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{37532E9B-B21C-4951-B84B-CD2B4E8602E1}\hl2.exe11_37532E9BB21C4951B84BCD2B4E8602E1.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{37532E9B-B21C-4951-B84B-CD2B4E8602E1}\hl2.exe1_37532E9BB21C4951B84BCD2B4E8602E1.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{37532E9B-B21C-4951-B84B-CD2B4E8602E1}\Uninstall_Half_Life__37532E9BB21C4951B84BCD2B4E8602E1.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{778DBCBC-68F4-479E-B14F-4BF708454B90}\ARPPRODUCTICON.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{778DBCBC-68F4-479E-B14F-4BF708454B90}\NewShortcut1_01EE5A38D16B4AB6BA16EFF4C0A27C01.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{778DBCBC-68F4-479E-B14F-4BF708454B90}\NewShortcut2_01EE5A38D16B4AB6BA16EFF4C0A27C01.exe
    C:\Documents and Settings\Henri\Application Data\Microsoft\Installer\{8C92D38B-C1DE-490A-B6D1-AAAA8E17DCE2}\Icon8C92D38B.exe
    C:\Documents and Settings\Henri\Application Data\uTorrent\armyops260.exe.torrent
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
    C:\Documents and Settings\Henri\Application Data\ezplay.sys
    C:\Documents and Settings\Henri\Application Data\pcouffin.sys
    C:\Documents and Settings\Henri\Application Data\OpenOffice.org2\user\registry\cache\org.openoffice.System.dat
    C:\WINDOWS\system32\D55336A62D.sys
    C:\WINDOWS\system32\KGyGaAvL.sys
    C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
    C:\WINDOWS\system32\config\default.tmp.LOG
    C:\WINDOWS\system32\config\software.tmp.LOG
    C:\WINDOWS\system32\config\system.tmp.LOG

    Add/Remove Programs List:

    Adobe Photoshop CS2
    AnyDVD
    avast! Antivirus
    BSPlayer
    CasinoEuroPoker (remove only)
    CCleaner (remove only)
    CloneCD
    CloneDVD2
    Diablo II
    eMule
    Everest Poker (Remove Only)
    EVEREST Ultimate Edition v3.01
    ffdshow [rev 896] [2007-02-08]
    Fraps (remove only)
    GTK+ Runtime 2.6.10 rev a (vain poisto)
    Half-Life
    Half-Life II Fix-Bundle
    Hamachi 1.0.1.5
    HijackThis 1.99.1
    Hitman 2 Silent Assassin
    Windows Internet Explorer 7
    Far Cry Demo 2
    IrfanView (remove only)
    Macromedia Shockwave Player
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Miranda IM
    mIRC
    Mozilla Firefox (2.0.0.1)
    NVIDIA Drivers
    OCCT v0.91
    Poker Tracker Version 2.05.02
    PokerOffice (remove only)
    PokerStars
    QuickTime Alternative 1.76
    Real Alternative 1.51
    RevConnect
    RivaTuner v2.0 RC 15.8
    Adobe Flash Player 9 ActiveX
    SpeedFan (remove only)
    SpywareBlaster v3.5.1
    Syntax Wizard II (Full version)
    System Requirements Lab
    TC:Elite Test
    TeamSpeak 2 RC2
    Tropical Poker Client 0.9.5.81
    TypingMaster Pro
    VirtualCloneDrive
    Winamp (remove only)
    WinRAR-pakkausohjelma
    WinTopo
    Wolfenstein - Enemy Territory
    Xvid 1.1.2 final uninstall
    Sunbelt CounterSpy
    MySQL Connector/ODBC 3.51
    Microsoft Bootvis
    TypingMaster Teacher Tools
    Heroes of Might and Magic V
    Adobe Photoshop CS2
    Need for SpeedT Carbon
    The Battle for Middle-earth (tm) II
    FEAR
    Automaattiset valikot (Windows Live Toolbar)
    J2SE Runtime Environment 5.0 Update 6
    Half Life 2
    Far Cry Demo 2
    Ponnahdusikkunoiden esto (Windows Live Toolbar)
    Football Manager 2006
    Nero 7 Demo
    Logitech Gaming Software
    Warhammer Mark of Chaos
    Windows Genuine Advantage v1.3.0254.0
    Diskeeper 2007 Pro Premier
    Command & Conquer The First Decade
    OneCare Advisor (Windows Live Toolbar)
    Company of Heroes Single Player Demo
    Microsoft .NET Framework 2.0
    FEARCombat
    NHL Eastside Hockey Manager 2005
    SpeechRedist
    WinTasks Trial
    Philips GoGear Digital Audio Player
    SigmaTel MSCN Audio Player
    Adobe Common File Installer
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Camtasia Studio 4
    Windows Defender Signatures
    Hitman Blood Money
    Digital Shredder
    PC Connectivity Solution
    OpenOffice.org 2.0
    Adobe Bridge 1.0
    PC Booster
    Adobe Stock Photos 1.0
    Athlon 64 Processor Driver
    Microsoft IntelliType Pro 6.1
    TuneUp Utilities 2007
    Microsoft .NET Framework 1.1
    SUPERAntiSpyware Professional
    NHL07
    GTA San Andreas
    Full Tilt Poker
    TheaterTek DVD 2.0
    Windows Live Messenger
    Corel Paint Shop Pro Photo XI
    GameSpy Comrade
    Adobe Help Center 1.0
    Battlefield 2142
    Outlook-ty”kalurivi (Windows Live Toolbar)
    Sygate Personal Firewall
    Realtek AC'97 Audio
    Thief - Deadly Shadows
    Selaus v„lilehti„ k„ytt„en (Windows Live Toolbar)

    Finished


    Ja hjt-loki

    Logfile of HijackThis v1.99.1
    Scan saved at 7:24:18 PM, on 02/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Lataa FlashGetillä
    - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Lataa kaikki FlashGetillä
    - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Pelit\Poker.com\poker.exe (HKCU)
    O15 - Trusted Zone: *.windowsupdate.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138038965031
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)

    Kun käynnistin hjt:n alkuun tuli tuollainen virheilmoitus.


    An unexpected error has occurred at procedure: modMain_CheckOther1Item()
    Error #5 - Invalid procedure call or argument

    Please email me at merijn@spywareinfo.com, reporting the following:
    * What you were trying to fix when the error occurred, if applicable
    * How you can reproduce the error
    * A complete HijackThis scan log, if possible

    Windows version: Windows NT 5.01.2600
    MSIE version: 6.0.2900.2180
    HijackThis version: 1.99.1

    This message has been copied to your clipboard.
    Click OK to continue the rest of the scan.

    EDIT: Poistelin oikeat sähköpostiosoitteet noista lokeista ;)
     
    Last edited by a moderator: Feb 19, 2007
    Dezliur, Feb 19, 2007
    #9
  10. Hujo

    Hujo Guest

    Lataa Atribunen ATF Cleaner

    Ohjeet;

    Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.
    • Main:n alla valitse: Select All
      Klikkaa Empty Selected valintaa.
    Jos käytät FireFoxia selaimenasi
    • Klikkaa Firefox yläpuolelta ja valitse: Select All
      Klikkaa Empty Selected valintaa.
      HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
    Jos käytät Operaa selaimenasi
    • Klikkaa Opera yläpuolelta ja valitse: Select All
      Klikkaa Empty Selected valintaa taas.
      HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
    Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
    Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)
     
    Hujo, Feb 19, 2007
    #10
  11. Dezliur

    Dezliur Guest

    Ei auttanut tuokaan :(. Voisiko syy olla jossain muussa kuin viruksessa/haittaohjelmassa? Kone toimii vikasietotilassa kuten pitääkin.
     
    Dezliur, Feb 20, 2007
    #11
  12. karhi

    karhi Regular member

    Joined:
    Dec 19, 2006
    Messages:
    3,564
    Likes Received:
    0
    Trophy Points:
    46
    Tee korjausasennus.
     
    karhi, Feb 20, 2007
    #12
  13. Dezliur

    Dezliur Guest

    Elikkä jos tekee korjausasennuksen, niin mitään tiedostoja ei poistu...?
     
    Last edited by a moderator: Feb 20, 2007
    Dezliur, Feb 20, 2007
    #13
  14. karhi

    karhi Regular member

    Joined:
    Dec 19, 2006
    Messages:
    3,564
    Likes Received:
    0
    Trophy Points:
    46
    Ei poista tiedostoja eikä ohjelmia, jotain ajureita voit joutua päivittämään.
     
    karhi, Feb 20, 2007
    #14
  15. Dezliur

    Dezliur Guest

    Tein korjausasennuksen, mutta se ei poistanut ongelmaa. Kone lopettaa toimintansa hetken kuluttua käynnistyksestä.
     
    Dezliur, Feb 20, 2007
    #15
  16. karhi

    karhi Regular member

    Joined:
    Dec 19, 2006
    Messages:
    3,564
    Likes Received:
    0
    Trophy Points:
    46
    Voitko kokeilla näyttistä toisessa koneessa tai toista näyttistä tuossa koneessa, kaukaa haettua mutta alkas vaikuttaa rautavialta.
     
    karhi, Feb 20, 2007
    #16
  17. Dezliur

    Dezliur Guest

    Enpä oikeastaan.. Onko mitään muuta keinoa selvittää onko raudassa jotain vikaa, kuin kokeilla eri komponenntteja? Ei taida olla :/

    Edit. Olisko sillä mitään vaikutusta asiaan, kun prossua ja näyttistä on kelloteltu pikkasen?

    Edit 2. Kun kokeilin levyneheytystä vikasietotilassa, kone jökkäsi melkein heti. Sattumaa vai onko kovalevyssä jotain ongelmaa?

    Edit 3. Testasin kovon HD tune ohjelmalla ja sen mukaan kovo on täysin ehjä. Olisiko mahdollista, että jotkut windowsin palvelut käynnistyvät ristiin tjs. kun olen niitä hieman muokannut joidenkin ohjeiden mukaan.

    Edit 4. Testasin tänään Unreal Tournamentia ja NHL Eastside Manager 2005 ja ne toimivat hyvin, sen aikaa kun niitä pelasin. Tämä siis vikasietotilassa. Sitten kun koitin pelata Eastsidea normaalissa tilassa, toimi se hetken hyvin, mutta sen jälkeen kun kävin vessassa, oli kone taas töksähtänyt. Vedetäänkö vaan winukka uusiks ja toivotaan että ongelma lähtis sillä?
     
    Last edited by a moderator: Feb 22, 2007
    Dezliur, Feb 21, 2007
    #17

Share This Page