Computer clogged up + internet lagging + log

Discussion in 'Viruses and malware' started by De_Nitro, May 25, 2007.

  1. De_Nitro

    De_Nitro Regular member

    My computer is pretty clogged up: every time I start it, I immediately get a virus warning from F-Secure, which it then removes. Pop-ups keep appearing annoyingly in Firefox; when I start Firefox, it immediately brings up a pop-up that opens in IE7 and says: the page cannot be displayed. And sometimes virus scanning/protection "offers" also show up in tabs. I should also defragment the whole damn thing so that it might speed up...

    The second complaint is about the internet speed, or rather that it feels very slow/laggy.
    Example 1:
    µTorrent seemed to download fast (well, it still does...), but the upload speed puzzles me, because before, upload was around 40 kB/s (the limit is 40 kB/s), but now it only seems to be <10 kB/s. DC++ on the laptop, in turn, has this problem (maybe on the "big" computer too): when I download something, it stays in the Connecting... state for a long time, and when it starts downloading, the download is either fast or s-l-o-w, or I get a connection timeout. Where's the fault, or...?

    Example 2:
    When I felt like playing CS:S, Steam doesn't really seem to find servers anymore like it used to; only <60 servers, when before it showed as many as 2000 servers at best! And when I join a game, the lag is terrible: 300-500! And the laptop doesn't even have DC++ running! And here too, where's the fault?

    Antivirus: F-Secure Anti-Virus Client Security, and here is the HjT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:22:30, on 25.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hjt\scanner.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.msn.com/flash/?mkt=fi-fi&version=7,0,60,0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {151193F2-6D9B-4DE1-9EBF-9DA8BE813339} - C:\WINDOWS\system32\mlljh.dll
    O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\qomjige.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\whacrveu.dll",realset
    O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST -ilmaisinalue.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll
    O20 - Winlogon Notify: qomjige - C:\WINDOWS\SYSTEM32\qomjige.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    I'd appreciate some help... whenever you're able!
     
  2. Auttaja

    Auttaja Guest

    Belongs to PWS Bluedit trojan keylogger and password stealer. That sort of thing, for example, on the machine

    =======


    1. Download combofix.exe to your desktop from either of these links:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
    Note! Do not click the ComboFix window while it is running. This may cause the program to hang.

    =======

    Download VundoFix.exe to your desktop.
    *Double-click VundoFix.exe to run it.
    *Click the Scan for Vundo button.
    *When the scan is complete, click the Remove Vundo button.
    *You will be asked whether you want to remove the files - click YES.
    *Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    *When it is finished, the fix will tell you that it will restart your computer; click OK.
    *Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


    Note: It is possible that VundoFix found a file that it could not remove.
    In that case, VundoFix will run itself at reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears on restart.
     
  3. De_Nitro

    De_Nitro Regular member

    Yep, everything done, and I even defragmented last night! Here are the logs:


    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 10:07:03 26.5.2007

    Listing files found while scanning....

    C:\Program Files\VSAdd-in\VSAdd-in.dll
    C:\WINDOWS\system32\acrvhorq.ini
    C:\WINDOWS\system32\fmbnrebd.dll
    C:\WINDOWS\system32\fwupsjvh.dll
    C:\WINDOWS\system32\gtdkekfr.dll
    C:\WINDOWS\system32\hjllm.bak1
    C:\WINDOWS\system32\hjllm.bak2
    C:\WINDOWS\system32\hjllm.ini
    C:\WINDOWS\system32\hjllm.ini2
    C:\WINDOWS\system32\hjllm.tmp
    C:\WINDOWS\system32\jdyodpjl.dll
    C:\WINDOWS\system32\kffpctoj.dll
    C:\WINDOWS\system32\mcatlspd.dll
    C:\WINDOWS\system32\mlljh.dll
    C:\WINDOWS\system32\mtbtrtfi.dll
    C:\WINDOWS\system32\qomjige.dll
    C:\WINDOWS\system32\qrohvrca.dll
    C:\WINDOWS\system32\ssqnkih.dll
    C:\WINDOWS\system32\tslbqire.exe
    C:\WINDOWS\system32\uevrcahw.ini
    C:\WINDOWS\system32\whacrveu.dll
    C:\WINDOWS\system32\vymwqdbc.dll
    C:\WINDOWS\system32\yirygnls.exe
    C:\WINDOWS\system32\yxnfolfn.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\acrvhorq.ini
    C:\WINDOWS\system32\acrvhorq.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fmbnrebd.dll
    C:\WINDOWS\system32\fmbnrebd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fwupsjvh.dll
    C:\WINDOWS\system32\fwupsjvh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gtdkekfr.dll
    C:\WINDOWS\system32\gtdkekfr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.bak1
    C:\WINDOWS\system32\hjllm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.bak2
    C:\WINDOWS\system32\hjllm.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.ini
    C:\WINDOWS\system32\hjllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.ini2
    C:\WINDOWS\system32\hjllm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.tmp
    C:\WINDOWS\system32\hjllm.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jdyodpjl.dll
    C:\WINDOWS\system32\jdyodpjl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mcatlspd.dll
    C:\WINDOWS\system32\mcatlspd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlljh.dll
    C:\WINDOWS\system32\mlljh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mtbtrtfi.dll
    C:\WINDOWS\system32\mtbtrtfi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomjige.dll
    C:\WINDOWS\system32\qomjige.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\qrohvrca.dll
    C:\WINDOWS\system32\qrohvrca.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqnkih.dll
    C:\WINDOWS\system32\ssqnkih.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tslbqire.exe
    C:\WINDOWS\system32\tslbqire.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uevrcahw.ini
    C:\WINDOWS\system32\uevrcahw.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\whacrveu.dll
    C:\WINDOWS\system32\whacrveu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vymwqdbc.dll
    C:\WINDOWS\system32\vymwqdbc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yirygnls.exe
    C:\WINDOWS\system32\yirygnls.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yxnfolfn.dll
    C:\WINDOWS\system32\yxnfolfn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\qomjige.dll
    C:\WINDOWS\system32\qomjige.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Niko - 07-05-26 9:59:27,59 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Niko\Työpöytä"

    ((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 ))))))))))))))))))))))))))))))))))


    2007-05-25 22:37 <KANSIO> d-------- C:\Program Files\Astral
    2007-05-25 21:44 <KANSIO> dr-h----- C:\Documents and Settings\Niko\Recent
    2007-05-25 21:42 <KANSIO> d-------- C:\Program Files\CCleaner
    2007-05-25 21:40 50,745 --a------ C:\WINDOWS\system32\rbioqodh.dll
    2007-05-25 21:08 <KANSIO> d-------- C:\hjt
    2007-05-22 17:10 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-05-22 16:57 <KANSIO> d-------- C:\Program Files\Alcohol Soft
    2007-05-19 14:29 132,660 --a------ C:\WINDOWS\system32\whacrveu.dll
    2007-05-17 14:15 <KANSIO> d-------- C:\Program Files\Lionhead Studios Ltd
    2007-05-17 14:15 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
    2007-05-17 12:12 43,602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
    2007-05-17 12:12 <KANSIO> d-------- C:\Program Files\AviSynth 2.5
    2007-05-17 12:11 <KANSIO> d-------- C:\Program Files\Gabest
    2007-05-17 12:11 <KANSIO> d-------- C:\Program Files\AutoGK
    2007-05-16 22:13 <KANSIO> d-------- C:\Program Files\URUSoft
    2007-05-10 20:05 <KANSIO> d-------- C:\Program Files\Doom 3
    2007-05-09 17:04 <KANSIO> d-------- C:\Program Files\uTorrent
    2007-05-09 17:04 <KANSIO> d-------- C:\Documents and Settings\Niko\Application Data\uTorrent
    2007-05-08 20:22 22,584 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-05-07 20:24 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-05-07 20:24 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-05-07 18:10 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2007-05-06 17:44 <KANSIO> d-------- C:\Documents and Settings\Niko\Application Data\Logitech
    2007-05-06 17:39 71,680 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
    2007-05-06 17:39 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
    2007-05-06 17:39 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
    2007-05-06 17:39 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
    2007-05-06 17:39 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
    2007-05-06 17:39 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
    2007-05-06 17:39 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
    2007-05-06 17:39 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
    2007-05-06 17:39 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
    2007-05-06 17:29 132,660 --a------ C:\WINDOWS\system32\qrohvrca.dll
    2007-05-06 02:23 <KANSIO> d-------- C:\Program Files\TRABULANCE
    2007-05-04 21:13 27,264 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
    2007-05-03 19:21 <KANSIO> d-------- C:\Program Files\Kasumi


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-05-26 10:00 726165 ---hs---- C:\WINDOWS\system32\hjllm.ini2
    2007-05-26 09:53 -------- d-------- C:\Program Files\Mozilla Firefox
    2007-05-26 09:51 724499 ---hs---- C:\WINDOWS\system32\hjllm.bak1
    2007-05-26 09:50 724006 ---hs---- C:\WINDOWS\system32\hjllm.bak2
    2007-05-25 22:33 -------- d-------- C:\Program Files\DC++
    2007-05-24 20:01 -------- d-------- C:\Program Files\WinRAR
    2007-05-24 20:01 -------- d-------- C:\Program Files\Mozilla Thunderbird
    2007-05-24 20:01 -------- d-------- C:\Program Files\K-Meleon
    2007-05-24 20:01 -------- d-------- C:\Program Files\GameSpy Arcade
    2007-05-24 20:01 -------- d-------- C:\Program Files\GameBiz2
    2007-05-24 20:01 -------- d-------- C:\Documents and Settings\Niko\Application Data\Azureus
    2007-05-24 19:08 -------- d-------- C:\Program Files\MAIET
    2007-05-19 13:40 28696 --a------ C:\Documents and Settings\Niko\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-17 20:44 547 --a------ C:\Documents and Settings\Niko\Application Data\AutoGK.ini
    2007-05-17 14:46 -------- d-------- C:\Documents and Settings\Niko\Application Data\Lionhead Studios
    2007-05-17 14:23 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-05-17 11:04 -------- d-------- C:\Program Files\Winamp
    2007-05-09 17:08 -------- d-------- C:\Program Files\Azureus
    2007-05-09 16:49 -------- d-------- C:\Program Files\Internet Explorer
    2007-05-07 18:10 -------- d-------- C:\Program Files\Common Files\Logitech
    2007-05-06 17:39 -------- d-------- C:\Program Files\Logitech
    2007-04-29 02:36 -------- d-------- C:\Program Files\illusion
    2007-04-28 15:21 -------- d-------- C:\Program Files\Warcraft III
    2007-04-25 15:50 -------- d-------- C:\Documents and Settings\Niko\Application Data\MusicIP
    2007-04-23 17:28 -------- d-------- C:\Documents and Settings\Niko\Application Data\Command & Conquer 3 Tiberium Wars
    2007-04-21 16:29 -------- d-------- C:\Program Files\Ubisoft
    2007-04-20 18:53 -------- d-------- C:\Program Files\PopCap Games
    2007-04-20 15:03 -------- d-------- C:\Program Files\Starcraft
    2007-04-19 20:16 967 --a------ C:\WINDOWS\ScUnin.pif
    2007-04-19 20:16 68096 --a------ C:\WINDOWS\ScUnin.exe
    2007-04-19 17:57 262888 --a------ C:\WINDOWS\IPUI_DivXG400.exe
    2007-04-19 17:46 -------- d-------- C:\Program Files\DivXLand
    2007-04-18 19:14 2854400 --a------ C:\WINDOWS\system32\msi.dll
    2007-04-15 00:02 171520 --a------ C:\WINDOWS\system32\cncs32.dll
    2007-04-14 22:31 -------- d-------- C:\Program Files\Opera
    2007-04-14 18:02 123972 --a------ C:\WINDOWS\system32\jdyodpjl.dll
    2007-04-14 12:10 123972 --a------ C:\WINDOWS\system32\fmbnrebd.dll
    2007-04-14 08:40 123972 --a------ C:\WINDOWS\system32\vymwqdbc.dll
    2007-04-13 20:51 123972 --a------ C:\WINDOWS\system32\yxnfolfn.dll
    2007-04-13 15:28 123972 --a------ C:\WINDOWS\system32\mcatlspd.dll
    2007-04-12 21:20 -------- d-------- C:\Program Files\Java
    2007-04-12 21:01 123972 --a------ C:\WINDOWS\system32\fwupsjvh.dll
    2007-04-12 20:53 123972 --a------ C:\WINDOWS\system32\mtbtrtfi.dll
    2007-04-12 14:46 123972 --a------ C:\WINDOWS\system32\gtdkekfr.dll
    2007-04-11 07:25 48708 --a------ C:\WINDOWS\system32\kffpctoj.dll
    2007-04-10 22:50 -------- d-------- C:\Program Files\YAMIKUMO
    2007-04-09 11:39 -------- d-------- C:\Program Files\Packard Bell Data Secure
    2007-04-08 18:40 -------- d-------- C:\Program Files\Soldier of Fortune II - Double Helix GOLD
    2007-04-08 14:15 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2007-04-05 16:19 -------- dr-h----- C:\Documents and Settings\Niko\Application Data\SecuROM
    2007-04-05 16:04 -------- d-------- C:\Program Files\Electronic Arts
    2007-04-03 17:31 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
    2007-03-30 20:26 -------- d-------- C:\Program Files\Rockstar Games
    2007-03-27 22:12 26730 --a------ C:\WINDOWS\system32\qomjige.dll
    2007-03-26 17:02 -------- d-------- C:\Program Files\Codemasters
    2007-03-26 13:13 -------- d-------- C:\Program Files\UltraISO
    2007-03-26 13:13 -------- d-------- C:\Program Files\Common Files\EZB Systems
    2007-03-26 13:13 -------- d-------- C:\Program Files\Common Files
    2007-03-18 20:47 88340 --a------ C:\WINDOWS\system32\yirygnls.exe
    2007-03-17 16:44 292864 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-09 20:51 88340 --a------ C:\WINDOWS\system32\tslbqire.exe
    2007-03-09 20:51 282212 ---hs---- C:\WINDOWS\system32\mlljh.dll
    2007-03-09 20:46 26685 ---hs---- C:\WINDOWS\system32\ssqnkih.dll
    2007-03-08 18:38 578048 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 18:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 18:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 18:34 1843840 --a------ C:\WINDOWS\system32\win32k.sys
    2007-03-08 02:51 129784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-02-28 19:02 2182656 --a------ C:\WINDOWS\system32\ntoskrnl.exe
    2007-02-28 19:02 2059904 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
    2007-02-27 16:32 232960 --a------ C:\WINDOWS\system32\webcheck.dll
    2007-02-27 16:32 105984 --a------ C:\WINDOWS\system32\url.dll
    2007-02-27 16:32 102400 --a------ C:\WINDOWS\system32\occache.dll
    2007-02-27 16:31 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
    2007-02-27 16:31 51712 --a------ C:\WINDOWS\system32\msfeedsbs.dll
    2007-02-27 16:31 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
    2007-02-27 16:31 44544 --a------ C:\WINDOWS\system32\iernonce.dll
    2007-02-27 16:31 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2007-02-27 16:31 266752 --a------ C:\WINDOWS\system32\iertutil.dll
    2007-02-27 16:31 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
    2007-02-27 16:31 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
    2007-02-27 16:31 124928 --a------ C:\WINDOWS\system32\advpack.dll
    2007-02-27 11:20 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2007-02-27 11:20 13824 --a------ C:\WINDOWS\system32\ieudinit.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
    "Steam"=""
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "CTSyncU.exe"="\"C:\\Program Files\\Creative\\Sync Manager Unicode\\CTSyncU.exe\""
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "IESet"="IExplorer.dll .dbt"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
    "SoundMan"="SOUNDMAN.EXE"
    "F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
    "EPSON Stylus Photo RX520 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAGE.EXE /P31 \"EPSON Stylus Photo RX520 Series\" /O6 \"USB001\" /M \"Stylus Photo RX520\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "NWEReboot"=""
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "IESet"="IExplorer.dll .dbt"
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
    "PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
    "setup"="rundll32.exe \"C:\\WINDOWS\\system32\\whacrveu.dll\",realset"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "IESet"="IExplorer.dll .dbt"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "IESet"="IExplorer.dll .dbt"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "IESet"="IExplorer.dll .dbt"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    "{182B90A3-F372-438A-800C-6814B4DE417B}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljh
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjige

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup
    Completion time: 07-05-26 10:00:39.01
    C:\ComboFix.txt ... 07-05-26 10:00
    C:\ComboFix2.txt ... 07-01-12 16:57
    C:\ComboFix3.txt ... 07-01-11 15:40

    Logfile of HijackThis v1.99.1
    Scan saved at 10:34:29, on 26.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\hjt\scanner.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.msn.com/flash/?mkt=fi-fi&version=7,0,60,0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\rbioqodh.dll
    O2 - BHO: (no name) - {73C3FCFC-FACC-47E6-BF53-D364242E17D1} - C:\WINDOWS\system32\mlljh.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST -ilmaisinalue.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    That's everything! What now? Does it look good?
    EDIT: Oh, and about the internet... I tested CS:S again and the lag was a terrible 500-700! Doesn't anyone know what could be causing it?
     
    Last edited: May 26, 2007
  4. Auttaja

    Auttaja Guest

    It's because the malware is eating up your internet connection

    =====

    [*]Double-click VundoFix.exe to run it.
    [*]When VundoFix reopens, click the Scan for Vundo button.
    [*]When the scan is complete, right-click inside the list box (the white box where the found files are listed) and select Add more files.
    [*]Copy and paste the following 2 lines into the top two boxes:
    C:\WINDOWS\system32\rbioqodh.dll
    C:\WINDOWS\system32\hdoqoibr.*
    [*]Click Add Files and then click Close Window.

    [*]Click the Remove Vundo button.
    [*]You will get a message asking whether you want to remove the selected files; click YES.
    [*]Once you click Yes, your desktop will go blank as the tool starts removing Vundo.
    [*]When it is done, you will get a message asking you to shut down the computer; click OK.
    [*]Restart your computer.
    [*]Post the contents of the C:\vundofix.txt log along with a fresh HijackThis log.

    ========

    Open HijackThis, check the following line(s) and press Fix checked; close other programs while you do this.

    O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
    O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
    O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt

    Here are instructions on how to check them:
    [​IMG]

    Use the Search function to find the IExplorer.dll file and delete it

    ========

    Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    [*]Double-click drweb-cureit.exe and let it run the express scan.
    [*]It scans the running programs, and if something is found, click Yes when it asks whether you want to remove it. This is only a short scan.
    [*]When the scan is finished, check the drives you want to scan.
    [*]Select all drives. A red dot shows which drives are selected.
    [*]Click the green arrow on the right and the scan will start.
    [*]Click 'Yes to all' if you are asked whether you want to delete/move a file.
    [*]When the scan is finished, see whether you can click the next icon beside the found files: [IMG]
    [*]If so, click it, then click the next icon at the bottom right and select Move incurable, as in the picture below:
    [IMG]
    This moves it to the %userprofile%\DoctorWeb\quarantine directory.
    [*]After this, click File in the Dr.Web CureIt menu and select Save report list.
    [*]Save the report to your desktop. The report is named DrWeb.csv.
    [*]Close Dr.Web CureIt.
    [*]Restart the computer!! This is because files that are in use are deleted/moved during startup.
    [*]After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.

    A new HijackThis log as well
     
  5. De_Nitro

    De_Nitro Regular member

    Yeah, here are the logs again (the Dr. scan ran late...)

    A0114717.exe C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP371 Win95.SK Incurable.Moved.
    A0115105.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP376 Trojan.Virtumod Deleted.
    A0121002.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121003.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121004.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121006.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121007.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121008.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121009.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121010.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121011.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121012.exe C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Adware.TopSearch Incurable.Moved.
    A0121013.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121014.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121015.exe C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Adware.TopSearch Incurable.Moved.
    A0121016.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121024.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP391 Trojan.Virtumod Deleted.
    A0121168.dll C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP397 Trojan.Virtumod Deleted.
    fmbnrebd.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    fwupsjvh.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    gtdkekfr.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    jdyodpjl.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    mcatlspd.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    mlljh.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    mtbtrtfi.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    qomjige.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    qrohvrca.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    rbioqodh.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    ssqnkih.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    tslbqire.exe.bad C:\VundoFix Backups Adware.TopSearch Incurable.Moved.
    vymwqdbc.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    whacrveu.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    yirygnls.exe.bad C:\VundoFix Backups Adware.TopSearch Incurable.Moved.
    yxnfolfn.dll.bad C:\VundoFix Backups Trojan.Virtumod Deleted.
    Dd30.exe F:\RECYCLER\S-1-5-21-1214440339-1957994488-1060284298-1000 Trojan.Swizzor Deleted.
    Dd31.exe F:\RECYCLER\S-1-5-21-1214440339-1957994488-1060284298-1000 Trojan.Swizzor Deleted.
    Dd32.exe F:\RECYCLER\S-1-5-21-1214440339-1957994488-1060284298-1000 Trojan.Swizzor Deleted.
    Dd35.exe F:\RECYCLER\S-1-5-21-1214440339-1957994488-1060284298-1000 Trojan.Swizzor Deleted.
    Dd37.exe F:\RECYCLER\S-1-5-21-1214440339-1957994488-1060284298-1000 Trojan.Swizzor Deleted.
    Dd38.exe F:\RECYCLER\S-1-5-21-1214440339-1957994488-1060284298-1000 Trojan.Swizzor Deleted.
    Dd39.exe F:\RECYCLER\S-1-5-21-1214440339-1957994488-1060284298-1000 Trojan.Swizzor Deleted.
    Dd40.upd F:\RECYCLER\S-1-5-21-1214440339-1957994488-1060284298-1000 Adware.TVMedia Incurable.Moved.
    Dd41.exe F:\RECYCLER\S-1-5-21-1214440339-1957994488-1060284298-1000 Trojan.Swizzor Deleted.
    A0121187.exe F:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP397 Trojan.Swizzor Deleted.
    A0121188.exe F:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP397 Trojan.Swizzor Deleted.
    A0121189.exe F:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP397 Trojan.Swizzor Deleted.
    A0121190.exe F:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP397 Trojan.Swizzor Deleted.
    A0121191.exe F:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP397 Trojan.Swizzor Deleted.
    A0121192.exe F:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP397 Trojan.Swizzor Deleted.
    A0121193.exe F:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP397 Trojan.Swizzor Deleted.
    A0121194.exe F:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP397 Trojan.Swizzor Deleted.
    fscax.dll F:\Vanhan_koneen_C_osio\WINDOWS\Downloaded Program Files Probably BINARYRES Incurable.Moved.

    There's the Dr. log, and the HjT one as well....

    Logfile of HijackThis v1.99.1
    Scan saved at 0:41:14, on 27.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hjt\scanner.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.msn.com/flash/?mkt=fi-fi&version=7,0,60,0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\rbioqodh.dll (file missing)
    O2 - BHO: (no name) - {73C3FCFC-FACC-47E6-BF53-D364242E17D1} - C:\WINDOWS\system32\mlljh.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST -ilmaisinalue.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    How does it look now?
     
  6. Auttaja

    Auttaja Guest

    Save these instructions to a text file, because otherwise you won't be able to read them in Safe Mode.

    Better.

    ==========

    Open HijackThis, check the following line(s) and press "Fix checked"; close all other programs while you do this.

    O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\rbioqodh.dll (file missing)
    O2 - BHO: (no name) - {73C3FCFC-FACC-47E6-BF53-D364242E17D1} - C:\WINDOWS\system32\mlljh.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)


    Here are instructions on how to check the lines:
    [​IMG]


    ==========

    1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!

    - Once you have downloaded the program, double-click the installer's icon on your desktop; the installation starts.
    - After installation, the program must be started and its definitions updated.

    2. Start AVG Anti-Spyware.
    - Click the "Update" icon in the main menu. Then click the "Update now" button.
    - Then click the "Start Update" icon, and the update begins.
    - If the updates do not succeed right away, press "Start Update" again after a moment.
    - If the automatic update does not work for some reason, the definitions can be downloaded manually via this link: http://www.ewido.net/en/download/updates/
    - Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    - When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    - Then, under the "Reports" menu:
    - Tick "Automatically generate report after every scan"
    - Untick "Only if threats were found"
    - Then click the "Shield" icon at the top of the window
    - "Resident shield is": change the state from active to inactive
    - Close the program; do NOT scan yet.

    Restart your computer in Safe Mode

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    - Once in Safe Mode, start AVG Anti-Spyware.
    - Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    - AVG now starts scanning the computer; be patient, because the scan takes time.
    When the scan is finished:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    - Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and choose Quarantine from the popup menu.
    - You will be asked what to do if infections were found; choose "Apply all actions" then.
    [​IMG]
    - Then click the "Reports" icon at the top of the program.
    - Click the "Save report as" button in the lower left corner of the window and save the report to the desktop.
    - Close the program, start the computer normally and post the AVG report to your thread.

    ==========

    Do this if your computer feels rather slow and you haven't defragmented in a long time:

    Open My Computer
    -> Do the following for all Local Disks
    [​IMG]

    ==========

    Download CCleaner and install it:
    Open "Options", then "Language", and select "Suomi (Finnish)"

    Open the "Virheet" (Issues) section, press "Etsi rekisterin virheitä" (Scan for registry issues), then press "Korjaa valitut rekisterin virheet.." (Fix selected registry issues). Press "Kyllä" (Yes) when the program asks "Haluatko varmuuskopioida muutokset rekisteriin" (Do you want to back up the changes to the registry), and save the file to, e.g., the desktop.

    Open "Puhdistaja" (Cleaner), press "Tutki" (Analyze) and after that "Aja Ccleaner" (Run CCleaner). Clean temporary files and folders with the program regularly.

    ==========

    Download Deckard's System Scanner to your Desktop.

    Note: You must have Administrator rights to run the program.

    - Close all open windows and programs.
    - Double-click the Dss.exe file to run the program and follow the instructions.
    - When the scan is finished, 2 text files should open: Main.txt and extra.txt
    - Use Copy (CTRL+A -> CTRL+C) and Paste (CTRL+V)
    - Copy and paste the contents of Extra.txt & Main.txt into your next reply.
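
The four lines marked for fixing in the post above are all O2/O3 entries with no name whose file is missing or absent. As an added example (not part of the post, and not HijackThis's own code), this parser picks such entries out of a log and keeps other orphaned entries, like the O9 xpnetdiag button, in a separate list; the function names are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass

# Matches CLSID-bearing entries: "O2 - BHO: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^\s*(?P<section>O\d+)\s+-\s+(?P<kind>[^:]+):\s+(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<target>.*?)\s*$"
)

MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O2"
    kind: str      # e.g. "BHO", "Toolbar", "Extra button"
    name: str      # display name, "(no name)" when the registry has none
    clsid: str     # upper-cased for comparison
    path: str      # empty when the log says "(no file)"
    state: str     # "present", "missing" or "no file"


def parse_entry(line):
    """Return an Entry for a CLSID-bearing line, or None for anything else."""
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    target = m.group("target")
    if target == "(no file)":
        path, state = "", "no file"
    elif target.endswith(MISSING):
        path, state = target[: -len(MISSING)].rstrip(), "missing"
    else:
        path, state = target, "present"
    return Entry(m.group("section"), m.group("kind").strip(), m.group("name"),
                 m.group("clsid").upper(), path, state)


def triage(log_text):
    """Split orphaned entries into (review, orphaned).

    review:   unnamed O2/O3 entries whose file is gone (the pattern of the
              four lines in the post above)
    orphaned: every other entry whose file is gone
    """
    review, orphaned = [], []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry.state == "present":
            continue
        if entry.section in ("O2", "O3") and entry.name == "(no name)":
            review.append(entry)
        else:
            orphaned.append(entry)
    return review, orphaned


# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\rbioqodh.dll (file missing)
    O2 - BHO: (no name) - {73C3FCFC-FACC-47E6-BF53-D364242E17D1} - C:\WINDOWS\system32\mlljh.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    review, orphaned = triage(SAMPLE_LOG)
    for e in review:
        print("REVIEW  ", e.section, e.kind, e.clsid, e.path or "(no file)")
    for e in orphaned:
        print("ORPHANED", e.section, e.kind, e.clsid, e.path)
```
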

     
  7. De_Nitro

    De_Nitro Regular member

    Yep, I did everything again; here's the AVG log first...

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 14:15:45 27.5.2007

    + Scan result:



    C:\Documents and Settings\Yhteinen\Omat tiedostot\Jako\mario and luigi crack.zip/mario and luigi crack.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
    C:\Documents and Settings\Tiia\Käynnistä-valikko\Ohjelmat\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
    :mozilla.64:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.65:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.9:C:\Documents and Settings\Yhteinen\Application Data\Mozilla\Firefox\Profiles\2vppcdb7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.81:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.82:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.83:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.84:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.227:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.228:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.533:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Bbmedia : Cleaned.
    :mozilla.534:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Bbmedia : Cleaned.
    :mozilla.66:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
    :mozilla.224:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.225:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.226:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.188:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
    :mozilla.173:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
    :mozilla.802:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Cnw : Cleaned.
    :mozilla.803:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Cnw : Cleaned.
    :mozilla.804:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Cnw : Cleaned.
    :mozilla.50:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.573:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.574:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    C:\Documents and Settings\Juha\Cookies\juha@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Niko\Cookies\niko@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Niko\Cookies\niko@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.30:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.18:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.19:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.20:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.21:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.22:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.23:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.162:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
    :mozilla.163:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
    :mozilla.637:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
    :mozilla.236:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
    :mozilla.237:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Goclick : Cleaned.
    :mozilla.50:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.127:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.129:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.20:C:\Documents and Settings\Riitta\Application Data\Mozilla\Firefox\Profiles\vyvazrd1.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.49:C:\Documents and Settings\Yhteinen\Application Data\Mozilla\Firefox\Profiles\2vppcdb7.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.67:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.68:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.84:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.85:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.35:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
    :mozilla.37:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.135:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.145:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.94:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.104:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.268:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.269:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.270:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.211:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.212:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.213:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.214:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.215:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.216:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.217:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.218:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.703:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.704:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.115:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.116:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.117:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.118:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.194:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.195:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
    :mozilla.26:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.8:C:\Documents and Settings\Riitta\Application Data\Mozilla\Firefox\Profiles\vyvazrd1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.11:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.18:C:\Documents and Settings\Riitta\Application Data\Mozilla\Firefox\Profiles\vyvazrd1.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.25:C:\Documents and Settings\Yhteinen\Application Data\Mozilla\Firefox\Profiles\2vppcdb7.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.44:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.54:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.147:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.148:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.149:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.150:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.151:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.280:F:\Vanhan_koneen_C_osio\Documents and Settings\Kotikäyttäjä\Application Data\Mozilla\Firefox\Profiles\o8q8wzhn.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
    :mozilla.56:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
    :mozilla.13:C:\Documents and Settings\Riitta\Application Data\Mozilla\Firefox\Profiles\vyvazrd1.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.14:C:\Documents and Settings\Riitta\Application Data\Mozilla\Firefox\Profiles\vyvazrd1.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.57:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.58:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.59:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.223:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
    :mozilla.323:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.37:C:\Documents and Settings\Yhteinen\Application Data\Mozilla\Firefox\Profiles\2vppcdb7.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.9:F:\Varmistus\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Juha\Cookies\juha@m.webtrends[3].txt -> TrackingCookie.Webtrends : Cleaned.
    C:\Documents and Settings\Riitta\Cookies\riitta@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
    F:\Varmistus\Documents and Settings\Juha\Cookies\juha@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.182:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.21:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.22:C:\Documents and Settings\Juha\Application Data\Mozilla\Firefox\Profiles\rakvj2ii.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.10:C:\Documents and Settings\Yhteinen\Application Data\Mozilla\Firefox\Profiles\2vppcdb7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.11:C:\Documents and Settings\Yhteinen\Application Data\Mozilla\Firefox\Profiles\2vppcdb7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.12:C:\Documents and Settings\Yhteinen\Application Data\Mozilla\Firefox\Profiles\2vppcdb7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.13:C:\Documents and Settings\Yhteinen\Application Data\Mozilla\Firefox\Profiles\2vppcdb7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.14:C:\Documents and Settings\Yhteinen\Application Data\Mozilla\Firefox\Profiles\2vppcdb7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.15:C:\Documents and Settings\Yhteinen\Application Data\Mozilla\Firefox\Profiles\2vppcdb7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.58:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.59:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.60:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Yhteinen\Omat tiedostot\Jako\Pelit\Starcraft Broodwar 1.10 No Cd (With Official Update).zip/BWLOAD110.exe -> Trojan.Agent : Cleaned with backup (quarantined).


    ::Report end

    ...then the DSS logs...

    Deckard's System Scanner v20070426.43
    Run by Niko on 2007-05-27 at 14:32:19
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    33: 2007-05-27 11:32:22 UTC - RP398 - Deckard's System Scanner Restore Point
    32: 2007-05-26 11:05:04 UTC - RP397 - Installed Zero Hour Retarded
    31: 2007-05-26 10:56:17 UTC - RP396 - Removed Zero Hour Retarded
    30: 2007-05-26 10:51:17 UTC - RP395 - Installed Zero Hour Retarded
    29: 2007-05-26 10:50:49 UTC - RP394 - Removed Zero Hour Retarded


    -- First Restore Point --
    1: 2007-05-13 19:31:15 UTC - RP366 - Järjestelmän tarkistuspiste


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as Niko.exe) ------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 14:34:48, on 27.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Documents and Settings\Niko\Työpöytä\Virusten poisto ohjelmia\dss.exe
    C:\hjt\Niko.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.msn.com/flash/?mkt=fi-fi&version=7,0,60,0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST -ilmaisinalue.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


    -- HijackThis Fixed Entries (C:\hjt\backups\) ----------------------------------

    backup-20070526-192526-268 O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
    backup-20070526-192526-645 O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
    backup-20070526-192526-873 O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
    backup-20070527-112448-254 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20070527-112448-305 O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\rbioqodh.dll (file missing)
    backup-20070527-112448-474 O2 - BHO: (no name) - {73C3FCFC-FACC-47E6-BF53-D364242E17D1} - C:\WINDOWS\system32\mlljh.dll (file missing)
    backup-20070527-112448-649 O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)

    -- File Associations -----------------------------------------------------------

    .bat - batfile - shell\edit\command - NOTEDAD.EXE %1
    .ini - inifile - shell\open\command - NOTEDAD.EXE %1
    .reg - regfile - shell\edit\command - NOTEDAD.EXE %1
    .txt - txtfile - shell\open\command - NOTEDAD.EXE %1


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
    R1 AsIO - c:\windows\system32\drivers\asio.sys
    R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
    R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R1 ISODrive (ISO CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure\anti-virus\win2k\fsfilter.sys
    R2 F-Secure Gatekeeper - c:\program files\f-secure\anti-virus\win2k\fsgk.sys
    R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure\anti-virus\win2k\fsrec.sys
    R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech, Inc.; Logitech SetPoint(TM)>
    R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
    S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
    S3 L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys <Not Verified; Logitech, Inc.; Logitech SetPoint(TM)>
    S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys (file missing)
    S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 BackWeb Plug-in - 7681197 (F-Secure Automatic Update) - c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe <Not Verified; F-Secure Automatic Update; RunnerEXE Application>
    R2 fsbwsys - "c:\program files\f-secure\backweb\7681197\program\fsbwsys.exe" <Not Verified; F-Secure Corp.; F-Secure BackWeb>
    R2 F-Secure Gatekeeper Handler Starter (FSGKHS) - "c:\program files\f-secure\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corp.; F-Secure Corp. Startup service>
    R2 FSMA (F-Secure Management Agent) - "c:\program files\f-secure\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
    R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\program files\f-secure\fwes\program\fsdfwd.exe" <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
    R3 F-Secure Network Request Broker - "c:\program files\f-secure\common\fnrb32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>


    -- Files created between 2007-04-27 and 2007-05-27 -----------------------------

    2007-05-27 14:31:29 0 dr-h----- C:\Documents and Settings\Niko\Recent
    2007-05-26 19:27:19 0 d-------- C:\Documents and Settings\Niko\DoctorWeb
    2007-05-26 10:07:03 0 d-------- C:\VundoFix Backups
    2007-05-25 22:37:56 0 d-------- C:\Program Files\Astral
    2007-05-25 21:42:50 0 d-------- C:\Program Files\CCleaner
    2007-05-25 21:08:05 0 d-------- C:\hjt
    2007-05-22 17:10:11 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-05-22 16:57:13 0 d-------- C:\Program Files\Alcohol Soft
    2007-05-17 14:15:49 0 d-------- C:\Program Files\Lionhead Studios Ltd
    2007-05-17 14:15:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
    2007-05-17 12:12:36 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
    2007-05-17 12:12:29 0 d-------- C:\Program Files\AviSynth 2.5
    2007-05-17 12:11:54 0 d-------- C:\Program Files\Gabest
    2007-05-17 12:11:10 0 d-------- C:\Program Files\AutoGK
    2007-05-16 22:13:10 0 d-------- C:\Program Files\URUSoft
    2007-05-16 13:07:53 0 d-------- C:\Program Files\MERCURE
    2007-05-14 09:09:58 0 d-------- C:\Program Files\ZyX
    2007-05-10 20:05:10 0 d-------- C:\Program Files\Doom 3
    2007-05-09 17:04:32 0 d-------- C:\Documents and Settings\Niko\Application Data\uTorrent
    2007-05-09 17:04:29 0 d-------- C:\Program Files\uTorrent
    2007-05-08 20:17:45 0 d-------- C:\Documents and Settings\Juha\Application Data\Logitech
    2007-05-07 18:10:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2007-05-06 17:44:30 0 d-------- C:\Documents and Settings\Niko\Application Data\Logitech
    2007-05-06 17:39:57 13568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS <Not Verified; Logitech, Inc.; Logitech SetPoint(TM)>
    2007-05-06 17:39:48 71680 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys <Not Verified; Logitech, Inc.; Logitech SetPoint(TM)>
    2007-05-06 17:39:48 56064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS <Not Verified; Logitech, Inc.; Logitech SetPoint(TM)>
    2007-05-06 17:39:40 3712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys <Not Verified; Logitech, Inc.; Logitech SetPoint(TM)>
    2007-05-06 17:39:38 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2007-05-06 17:39:38 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2007-05-06 17:39:38 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2007-05-06 17:39:38 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
    2007-05-06 02:23:50 0 d-------- C:\Program Files\TRABULANCE
    2007-05-04 21:13:55 27264 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys <Not Verified; Logitech, Inc.; Logitech SetPoint(TM)>
    2007-05-03 19:21:41 0 d-------- C:\Program Files\Kasumi


    -- Find3M Report ---------------------------------------------------------------

    2007-05-26 13:56:18 0 d-------- C:\Program Files\EA Games
    2007-05-25 22:33:01 0 d-------- C:\Program Files\DC++
    2007-05-24 20:01:32 0 d-------- C:\Program Files\Mozilla Thunderbird
    2007-05-24 20:01:32 0 d-------- C:\Program Files\K-Meleon
    2007-05-24 20:01:32 0 d-------- C:\Program Files\GameSpy Arcade
    2007-05-24 20:01:32 0 d-------- C:\Program Files\GameBiz2
    2007-05-24 20:01:32 0 d-------- C:\Documents and Settings\Niko\Application Data\Azureus
    2007-05-24 19:08:44 0 d-------- C:\Program Files\MAIET
    2007-05-19 13:40:09 28696 --a------ C:\Documents and Settings\Niko\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-17 20:44:45 547 --a------ C:\Documents and Settings\Niko\Application Data\AutoGK.ini
    2007-05-17 14:46:15 0 d-------- C:\Documents and Settings\Niko\Application Data\Lionhead Studios
    2007-05-17 14:23:06 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-05-17 11:04:34 0 d-------- C:\Program Files\Winamp
    2007-05-09 17:08:49 0 d-------- C:\Program Files\Azureus
    2007-05-07 18:10:46 0 d-------- C:\Program Files\Common Files\Logitech
    2007-05-06 17:39:14 0 d-------- C:\Program Files\Logitech
    2007-05-06 15:58:39 117 ---h----- C:\WINDOWS\popcreg.dat
    2007-05-06 15:58:39 41 --a------ C:\WINDOWS\popcinfot.dat
    2007-05-06 15:58:39 33 --a------ C:\WINDOWS\popcinfo.dat
    2007-04-29 02:36:24 0 d-------- C:\Program Files\illusion
    2007-04-28 15:21:40 0 d-------- C:\Program Files\Warcraft III
    2007-04-25 15:50:43 0 d-------- C:\Documents and Settings\Niko\Application Data\MusicIP
    2007-04-23 17:28:03 0 d-------- C:\Documents and Settings\Niko\Application Data\Command & Conquer 3 Tiberium Wars
    2007-04-21 16:29:08 0 d-------- C:\Program Files\Ubisoft
    2007-04-20 18:53:59 0 d-------- C:\Program Files\PopCap Games
    2007-04-20 15:03:00 0 d-------- C:\Program Files\Starcraft
    2007-04-19 20:16:58 12282 --a------ C:\WINDOWS\scunin.dat
    2007-04-19 20:16:55 967 --a------ C:\WINDOWS\ScUnin.pif
    2007-04-19 20:16:55 68096 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
    2007-04-19 17:57:36 262888 --a------ C:\WINDOWS\IPUI_DivXG400.exe <Not Verified; ; wingpack Application>
    2007-04-19 17:46:18 0 d-------- C:\Program Files\DivXLand
    2007-04-15 00:02:59 171520 --a------ C:\WINDOWS\system32\cncs32.dll <Not Verified; Europress Software; >
    2007-04-14 22:31:04 0 d-------- C:\Program Files\Opera
    2007-04-12 21:20:00 0 d-------- C:\Program Files\Java
    2007-04-10 22:50:00 0 d-------- C:\Program Files\YAMIKUMO
    2007-04-09 11:39:52 0 d-------- C:\Program Files\Packard Bell Data Secure
    2007-04-08 18:40:00 0 d-------- C:\Program Files\Soldier of Fortune II - Double Helix GOLD
    2007-04-05 16:19:39 0 dr-h----- C:\Documents and Settings\Niko\Application Data\SecuROM
    2007-04-05 16:04:36 0 d-------- C:\Program Files\Electronic Arts
    2007-03-30 20:26:55 0 d-------- C:\Program Files\Rockstar Games
    2007-03-25 18:10:34 354486 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-03-25 18:10:34 64812 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-03-11 02:13:22 8192 --a------ C:\WINDOWS\d3dx.dat


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
    "SoundMan"="SOUNDMAN.EXE"
    "F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
    "EPSON Stylus Photo RX520 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAGE.EXE /P31 \"EPSON Stylus Photo RX520 Series\" /O6 \"USB001\" /M \"Stylus Photo RX520\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
    "PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "CTSyncU.exe"="\"C:\\Program Files\\Creative\\Sync Manager Unicode\\CTSyncU.exe\""
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "IESet"="IExplorer.dll .dbt"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    "{182B90A3-F372-438A-800C-6814B4DE417B}"=""

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    -- End of Deckard's System Scanner: finished at 2007-05-27 at 14:35:12 ---------

    Deckard's System Scanner v20070426.43
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

    CPU 0: AMD Athlon(tm) 64 Processor 3500+
    Percentage of Memory in Use: 42%
    Physical Memory (total/avail): 1023.48 MiB / 590.79 MiB
    Pagefile Memory (total/avail): 2459.93 MiB / 2060.84 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1969.48 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 232.88 GiB total, 74.15 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    F: is Fixed (NTFS) - 111.8 GiB total, 58.94 GiB free.
    G: is CDROM (No Media)
    H: is CDROM (No Media)
    I: is Fixed (FAT32) - 232.83 GiB total, 165.62 GiB free.
    P: is CDROM (No Media)
    R: is CDROM (No Media)


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FW: F-Secure Anti-Virus Client Security 6.00 v6.00 (F-Secure Corporation)
    AV: F-Secure Anti-Virus Client Security 6.00 v6.00 (F-Secure Corporation)


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Niko\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=AMD-3500
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Niko
    LOGONSERVER=\\AMD-3500
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\IDM Computer Solutions\UltraEdit-32;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=2f02
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Niko\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Niko\LOCALS~1\Temp
    USERDOMAIN=AMD-3500
    USERNAME=Niko
    USERPROFILE=C:\Documents and Settings\Niko
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Juha (admin)
    Riitta (admin)
    Niko (admin)
    Tiia (admin)
    Yhteinen (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
    --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
    --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
    --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
    --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
    --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
    --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
    --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Help"
    --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
    --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Policy Manager Support"
    --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
    --> C:\PROGRA~1\SOLDIE~1\Uninstall\Unwise.exe /u C:\PROGRA~1\SOLDIE~1\Uninstall\install.log
    --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    --> C:\WINDOWS\BWUnin-6.3.2.116-7681197L.exe -AppId 7681197
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9


    -- End of Deckard's System Scanner: finished at 2007-05-27 at 14:35:12 ---------

    And that was everything for now! Does it look good already, or is there (preferably) still something left to squeeze out somewhere?
    About the defragmentation: I did it first of all, before anything else.
     
  8. Auttaja

    Auttaja Guest

    Like this

    First take a backup of the registry like this:

    Run -> regedit -> OK. Then File -> Export. Give it a name and then Save (and make a note of where you saved it).

    Then save the text snippet below as fix.reg, for example in Notepad and for example to the desktop (save as type: All Files).
    Double-click it and press Yes and OK. Restart the computer.

    =========

    Check your computer with F-Secure's online scanner

    Note: the scanner only works with the Internet Explorer browser

    * Read the instructions on the page through carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the necessary files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report to your thread
     
  9. De_Nitro

    De_Nitro Regular member

    Although as many as 447274 files have already gone through that F-Secure scan, my computer seems to be showing strong signs of "fatigue"; Task Manager has ~10 (maybe more) Tskmgr entries, and in the user column there is a box of text! So I decided on my own to reboot the computer and leave it running tomorrow during school, all the way through. 1 virus has been found and I'm removing it now; otherwise, wait until tomorrow :), then you'll get your log ^^.
    PS. Yeah, you won't get it today either; some fsmm-something crashed and I think it stopped there, like last time too. Overnight then, if nothing else!
     
    Last edited: May 28, 2007
  10. De_Nitro

    De_Nitro Regular member

    Yep. It sure took a while, but here it is...

    Scanning Report
    Monday, May 28, 2007 21:07:04 - 07:52:57

    Computer name: AMD-3500
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ F:\ I:\
    Result: 8 malware found
    QQPass.gen4 (virus)

    * F:\Vanhan_koneen_C_osio\Program Files\Niko's pictures\aaaaaaa\Battlefield 1942\Battlefield_1942_Keygen.exe (Submitted)

    Trojan-Clicker.Win32.VB.pc (virus)

    * C:\WINDOWS\system32\JIDANDIAN3.0XE (Submitted)
    * C:\!KillBox\JIDANDIAN3.0XE (Submitted)
    * C:\!KillBox\SVCH0ST.0XE (Submitted)

    W32/Smalltroj.NYS (virus)

    * C:\Documents and Settings\Niko\DoctorWeb\Quarantine\A0121012.exe (Submitted)
    * C:\Documents and Settings\Niko\DoctorWeb\Quarantine\A0121015.exe (Submitted)
    * C:\Documents and Settings\Niko\DoctorWeb\Quarantine\tslbqire.exe.bad (Submitted)
    * C:\Documents and Settings\Niko\DoctorWeb\Quarantine\yirygnls.exe.bad (Submitted)

    Statistics
    Scanned:

    * Files: 880221
    * System: 5343
    * Not scanned: 385

    Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * None: 8
    * Submitted: 8

    Files not scanned:

    * ?%H?NAGEFILE.SYS C:\WINDOWS\SYSTEM32\BIOS1.ROM
    * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    * C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    * C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    * C:\SIERRA\LOMSE\CUSTLDR\0TEMPLDR.LDR
    * C:\SIERRA\LOMSE\CUSTLDR\FIRUZ
    * C:\SIERRA\LOMSE\CUSTLDR\SIRAZ
    * C:\SIERRA\LOMSE\CUSTLDR\WIRAUS
    * C:\RECYCLER\S-1-5-21-790525478-1417001333-839522115-1006\DC516.ZIP
    * C:\RECYCLER\S-1-5-21-790525478-1417001333-839522115-1006\DC518.JPG
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\DAY OF DEFEAT SOURCE\DOD\SOUND\ADMIN_PLUGIN\GOODLUCK.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\DAY OF DEFEAT SOURCE\DOD\SOUND\ADMIN_PLUGIN\WAITINGFORSUSPECT.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE BETA\CSTRIKE_BETA\SOUND\ADMIN_PLUGIN\GOODLUCK.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE BETA\CSTRIKE_BETA\SOUND\ADMIN_PLUGIN\WAITINGFORSUSPECT.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\FATAL-GAMING.NET\CU2.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\FATAL-GAMING.NET\CU3.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\CODL\N8TOO.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\BISTDUMM.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\CAMPER3.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\CIAO.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\CU2.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\CU3.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\DRECKSACK.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\ERWISCHE.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\GOODLUCK.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\HASSE.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\KACKTYPE.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\KEKS.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\MENO.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\MOIN.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\OOHOOH.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\PRUEGEL.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\PUMPGUN.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\SCHEISSER.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\SUCHEN.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\VOLLGUT-GUT.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\WACHWERDEN.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\WAITINGFORSUSPECT.MP3
    * C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE APPLICATIONS\RAMCHECK.DAT
    * C:\PROGRAM FILES\S?

    Options
    Scanning engines:

    * F-Secure Libra: 2.4.2, 2007-05-26
    * F-Secure AVP: 7.0.171, 2007-05-28
    * F-Secure Orion: 1.2.37, 2007-05-28
    * F-Secure Blacklight: 1.0.53
    * F-Secure Draco: 1.0.35, 2007-05-14
    * F-Secure Pegasus: 1.19.0, 2007-04-22

    Scanning options:

    * Scan all files
    * Scan inside archives
    * Use Advanced heuristics
     
  11. Auttaja

    Auttaja Guest

    Stay clean

    -> Clear System Restore Instructions
    Empty the System Restore folder and create a new restore point. This clears any malware remnants out of the restore folder.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Clean out temporary files and folders with it regularly.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing itself on your machine. Uses no memory!
    Guide available in Finnish! Guide by the user Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your machine from connecting to malicious sites.
    Guide available in Finnish! Guide by the user Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your machine with it regularly.
    and escan is good too: http://koti.mbnet.fi/pattaya1/escanmwav.htm

    ->Keep your software up to date. -> Secunia Software Inspector
    Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.

    ->Regularly follow the Finnish Communications Regulatory Authority's notices about new vulnerabilities -> CERT-FI

    If you run into malware problems in the future, don't hesitate to post a HijackThis log for checking!
     
  12. De_Nitro

    De_Nitro Regular member

    Thank you very much! It already feels considerably better!
     
  13. De_Nitro

    De_Nitro Regular member

    ...and so much for that; this "cleanliness" lasted only a short while. Probably the same symptoms, and here is the HjT log again:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:37:30, on 31.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Documents and Settings\All Users\Application Data\nojehsjs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\hjt\scanner.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.msn.com/flash/?mkt=fi-fi&version=7,0,60,0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - C:\WINDOWS\system32\efcywvw.dll
    O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\lomnknll.dll
    O2 - BHO: (no name) - {CF6AC98F-6A14-4A95-9E1D-AE30C6092D76} - C:\WINDOWS\system32\jkkll.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [nojehsjs.exe] C:\Documents and Settings\All Users\Application Data\nojehsjs.exe
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\kajdmdxy.dll",realset
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST -ilmaisinalue.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: efcywvw - C:\WINDOWS\SYSTEM32\efcywvw.dll
    O20 - Winlogon Notify: jkkll - C:\WINDOWS\system32\jkkll.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     
  14. Auttaja

    Auttaja Guest

    HAHAA :D, Vundo, and this time Lop as well :)

    What on earth kind of porn are you downloading :)

    ========

    Download VundoFix.exe to your desktop.
    *Double-click VundoFix.exe to run it.
    *Click the Scan for Vundo button.
    *When the scan is finished, click the Remove Vundo button.
    *You will be asked whether you want to remove the files - click YES.
    *Once you have clicked Yes, your desktop will go blank as it starts removing Vundo.
    *When it is done, the fix will announce that it is going to restart your machine; click OK.
    *Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


    Note: It is possible that VundoFix found a file that it could not remove.
    In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

    ==========

    Check your machine with F-Secure's online scanner

    Note: the scanner works only in the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Set the options as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy all of the text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report to your thread

    So: the F-Secure report + HJT log + VundoFix report :)
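
A triage sketch for the HijackThis log in post 13, as an added example that is not part of the thread: it flags files in system32 that are loaded as an unnamed BHO or through rundll32 from a Run key, and notes when the same file is also a Winlogon Notify entry. The heuristic and the function names are assumptions of this example; of the four files it flags here, efcywvw.dll, jkkll.dll and kajdmdxy.dll are ones VundoFix lists in post 17.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis log in post 13 (a subset; some benign
# entries are kept so the heuristic has something to ignore).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - C:\WINDOWS\system32\efcywvw.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\lomnknll.dll
O2 - BHO: (no name) - {CF6AC98F-6A14-4A95-9E1D-AE30C6092D76} - C:\WINDOWS\system32\jkkll.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\kajdmdxy.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: efcywvw - C:\WINDOWS\SYSTEM32\efcywvw.dll
O20 - Winlogon Notify: jkkll - C:\WINDOWS\system32\jkkll.dll
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# First full path to a .dll/.exe on the line (quoted or not).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:dll|exe)\b', re.I)
RUNDLL_RE = re.compile(r'\]\s*rundll32(?:\.exe)?\s', re.I)
SYSTEM32 = "c:\\windows\\system32\\"


def parse_autostarts(log_text):
    """Map each lowercased file path to the autostart points that load it.

    Only O2 (BHO), O4 (Run keys) and O20 (Winlogon Notify) are read; entries
    without a full path, such as "(file missing)" ones, are skipped.
    """
    entries = defaultdict(set)
    for line in log_text.splitlines():
        m = re.match(r"(O\d+) - (.*)", line.strip())
        if not m or m.group(1) not in ("O2", "O4", "O20"):
            continue
        section, rest = m.groups()
        path = PATH_RE.search(rest)
        if not path:
            continue
        if section == "O2":
            tag = "O2:unnamed" if rest.startswith("BHO: (no name)") else "O2:named"
        elif section == "O4":
            tag = "O4:rundll32" if RUNDLL_RE.search(rest) else "O4:run"
        else:
            tag = "O20:notify"
        entries[path.group(0).lower()].add(tag)
    return entries


def flag_suspects(entries):
    """Return {file name: reasons} for system32 files matching the heuristic."""
    suspects = {}
    for path, tags in entries.items():
        if not path.startswith(SYSTEM32):
            continue
        reasons = sorted(t for t in tags if t in ("O2:unnamed", "O4:rundll32"))
        if not reasons:
            continue
        if "O20:notify" in tags:
            # Same file registered at a second persistence point.
            reasons.append("O20:notify")
        suspects[path.rsplit("\\", 1)[1]] = reasons
    return suspects


if __name__ == "__main__":
    for name, reasons in sorted(flag_suspects(parse_autostarts(SAMPLE_LOG)).items()):
        print(f"{name:15} {', '.join(reasons)}")
```

A hit is a lead to hand to a removal tool or a second scanner, not a verdict on the file.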
     
  15. De_Nitro

    De_Nitro Regular member

    Very funny :D
    To be honest:
    A friend asked me to find a crack for him, I looked for one and what do you know! It had viruses in it! And I think they were the same ones as last time, so I looked at the earlier posts and ran Ad-Aware->CCleaner->Vundo Fix. Now it seems to be pretty clean again :). F-Secure... I guess that will get run some day :D (actually, I'll start it right after writing this...)
    Moral of the story: NEVER trust cracks 100%.
     
  16. Auttaja

    Auttaja Guest

    Actually, do now what it says in that previous message, because the first time you didn't have Lop, so let's see whether it got removed. :)
     
  17. De_Nitro

    De_Nitro Regular member

    O great Auttaja; here are the logs!


    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 10:07:03 26.5.2007

    Listing files found while scanning....

    C:\Program Files\VSAdd-in\VSAdd-in.dll
    C:\WINDOWS\system32\acrvhorq.ini
    C:\WINDOWS\system32\fmbnrebd.dll
    C:\WINDOWS\system32\fwupsjvh.dll
    C:\WINDOWS\system32\gtdkekfr.dll
    C:\WINDOWS\system32\hjllm.bak1
    C:\WINDOWS\system32\hjllm.bak2
    C:\WINDOWS\system32\hjllm.ini
    C:\WINDOWS\system32\hjllm.ini2
    C:\WINDOWS\system32\hjllm.tmp
    C:\WINDOWS\system32\jdyodpjl.dll
    C:\WINDOWS\system32\kffpctoj.dll
    C:\WINDOWS\system32\mcatlspd.dll
    C:\WINDOWS\system32\mlljh.dll
    C:\WINDOWS\system32\mtbtrtfi.dll
    C:\WINDOWS\system32\qomjige.dll
    C:\WINDOWS\system32\qrohvrca.dll
    C:\WINDOWS\system32\ssqnkih.dll
    C:\WINDOWS\system32\tslbqire.exe
    C:\WINDOWS\system32\uevrcahw.ini
    C:\WINDOWS\system32\whacrveu.dll
    C:\WINDOWS\system32\vymwqdbc.dll
    C:\WINDOWS\system32\yirygnls.exe
    C:\WINDOWS\system32\yxnfolfn.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\acrvhorq.ini
    C:\WINDOWS\system32\acrvhorq.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fmbnrebd.dll
    C:\WINDOWS\system32\fmbnrebd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fwupsjvh.dll
    C:\WINDOWS\system32\fwupsjvh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gtdkekfr.dll
    C:\WINDOWS\system32\gtdkekfr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.bak1
    C:\WINDOWS\system32\hjllm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.bak2
    C:\WINDOWS\system32\hjllm.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.ini
    C:\WINDOWS\system32\hjllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.ini2
    C:\WINDOWS\system32\hjllm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.tmp
    C:\WINDOWS\system32\hjllm.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jdyodpjl.dll
    C:\WINDOWS\system32\jdyodpjl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mcatlspd.dll
    C:\WINDOWS\system32\mcatlspd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlljh.dll
    C:\WINDOWS\system32\mlljh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mtbtrtfi.dll
    C:\WINDOWS\system32\mtbtrtfi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomjige.dll
    C:\WINDOWS\system32\qomjige.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\qrohvrca.dll
    C:\WINDOWS\system32\qrohvrca.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqnkih.dll
    C:\WINDOWS\system32\ssqnkih.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tslbqire.exe
    C:\WINDOWS\system32\tslbqire.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uevrcahw.ini
    C:\WINDOWS\system32\uevrcahw.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\whacrveu.dll
    C:\WINDOWS\system32\whacrveu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vymwqdbc.dll
    C:\WINDOWS\system32\vymwqdbc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yirygnls.exe
    C:\WINDOWS\system32\yirygnls.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yxnfolfn.dll
    C:\WINDOWS\system32\yxnfolfn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\qomjige.dll
    C:\WINDOWS\system32\qomjige.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 18:47:58 26.5.2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\rbioqodh.dll
    C:\WINDOWS\system32\rbioqodh.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.1

    Checking Java version...

    Scan started at 17:52:46 31.5.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\efcywvw.dll
    C:\WINDOWS\system32\jkkll.dll
    C:\WINDOWS\system32\kajdmdxy.dll
    C:\WINDOWS\system32\llkkj.bak1
    C:\WINDOWS\system32\llkkj.ini
    C:\WINDOWS\system32\qqtss.ini
    C:\WINDOWS\system32\sstqq.dll
    C:\WINDOWS\system32\yxdmdjak.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\efcywvw.dll
    C:\WINDOWS\system32\efcywvw.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\jkkll.dll
    C:\WINDOWS\system32\jkkll.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\kajdmdxy.dll
    C:\WINDOWS\system32\kajdmdxy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\llkkj.bak1
    C:\WINDOWS\system32\llkkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\llkkj.ini
    C:\WINDOWS\system32\llkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qqtss.ini
    C:\WINDOWS\system32\qqtss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sstqq.dll
    C:\WINDOWS\system32\sstqq.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\yxdmdjak.ini
    C:\WINDOWS\system32\yxdmdjak.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\efcywvw.dll
    C:\WINDOWS\system32\efcywvw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkll.dll
    C:\WINDOWS\system32\jkkll.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sstqq.dll
    C:\WINDOWS\system32\sstqq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Scanning Report
    Thursday, May 31, 2007 18:34:59 - 06:57:05

    Computer name: AMD-3500
    Scanning type: Scan system for viruses, rootkits, spyware
    Target: C:\ F:\ I:\
    Result: 11 malware found
    QQPass.gen4 (virus)

    * F:\Vanhan_koneen_C_osio\Program Files\Niko's pictures\aaaaaaa\Battlefield 1942\Battlefield_1942_Keygen.exe (Submitted)

    Trojan-Clicker.Win32.VB.pc (virus)

    * C:\WINDOWS\system32\JIDANDIAN3.0XE (Submitted)
    * C:\!KillBox\JIDANDIAN3.0XE (Submitted)
    * C:\!KillBox\SVCH0ST.0XE (Submitted)

    Vundo.gen26 (virus)

    * C:\VundoFix Backups\jkkll.dll.bad (Submitted)
    * C:\VundoFix Backups\sstqq.dll.bad (Submitted)

    W32/Smalltroj.NYS (virus)

    * C:\Documents and Settings\Niko\DoctorWeb\Quarantine\A0121012.exe (Submitted)
    * C:\Documents and Settings\Niko\DoctorWeb\Quarantine\A0121015.exe (Submitted)
    * C:\Documents and Settings\Niko\DoctorWeb\Quarantine\tslbqire.exe.bad (Submitted)
    * C:\Documents and Settings\Niko\DoctorWeb\Quarantine\yirygnls.exe.bad (Submitted)

    W32/Vundo.gen25 (virus)

    * C:\VundoFix Backups\kajdmdxy.dll.bad (Submitted)

    Statistics
    Scanned:

    * Files: 829101
    * System: 5301
    * Not scanned: 377

    Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * None: 11
    * Submitted: 11

    Files not scanned:

    * ??xAGEFILE.SYS C:\WINDOWS\SYSTEM32\BIOS1.ROM
    * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    * C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    * C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    * C:\SIERRA\LOMSE\CUSTLDR\0TEMPLDR.LDR
    * C:\SIERRA\LOMSE\CUSTLDR\FIRUZ
    * C:\SIERRA\LOMSE\CUSTLDR\SIRAZ
    * C:\SIERRA\LOMSE\CUSTLDR\WIRAUS
    * C:\RECYCLER\S-1-5-21-790525478-1417001333-839522115-1006\DC516.ZIP
    * C:\RECYCLER\S-1-5-21-790525478-1417001333-839522115-1006\DC518.JPG
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\DAY OF DEFEAT SOURCE\DOD\SOUND\ADMIN_PLUGIN\GOODLUCK.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\DAY OF DEFEAT SOURCE\DOD\SOUND\ADMIN_PLUGIN\WAITINGFORSUSPECT.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE BETA\CSTRIKE_BETA\SOUND\ADMIN_PLUGIN\GOODLUCK.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE BETA\CSTRIKE_BETA\SOUND\ADMIN_PLUGIN\WAITINGFORSUSPECT.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\FATAL-GAMING.NET\CU2.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\FATAL-GAMING.NET\CU3.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\CODL\N8TOO.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\BISTDUMM.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\CAMPER3.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\CIAO.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\CU2.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\CU3.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\DRECKSACK.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\ERWISCHE.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\GOODLUCK.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\HASSE.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\KACKTYPE.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\KEKS.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\MENO.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\MOIN.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\OOHOOH.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\PRUEGEL.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\PUMPGUN.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\SCHEISSER.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\SUCHEN.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\VOLLGUT-GUT.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\WACHWERDEN.MP3
    * C:\PROGRAM FILES\VALVE\STEAM\STEAMAPPS\NIKO991\COUNTER-STRIKE SOURCE\CSTRIKE\SOUND\ADMIN_PLUGIN\WAITINGFORSUSPECT.MP3
    * C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE APPLICATIONS\RAMCHECK.DAT
    * C:\PROGRAM FILES\S??C

    Options
    Scanning engines:

    * F-Secure Libra: 2.4.2, 2007-05-31
    * F-Secure AVP: 7.0.171, 2007-05-31
    * F-Secure Orion: 1.2.37, 2007-05-31
    * F-Secure Blacklight: 1.0.53
    * F-Secure Draco: 1.0.35, 0260-23-12
    * F-Secure Pegasus: 1.19.0, 2007-04-28

    Scanning options:

    * Scan all files
    * Scan inside archives
    * Use Advanced heuristics

    Logfile of HijackThis v1.99.1
    Scan saved at 12:25:57, on 1.6.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Documents and Settings\All Users\Application Data\nojehsjs.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\hjt\scanner.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.msn.com/flash/?mkt=fi-fi&version=7,0,60,0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - C:\WINDOWS\system32\efcywvw.dll (file missing)
    O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\lomnknll.dll
    O2 - BHO: (no name) - {CF6AC98F-6A14-4A95-9E1D-AE30C6092D76} - C:\WINDOWS\system32\jkkll.dll (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [nojehsjs.exe] C:\Documents and Settings\All Users\Application Data\nojehsjs.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST -ilmaisinalue.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    And that's everything... again.
     
  18. Auttaja

    Auttaja Guest


    Remove these via Add/Remove Programs in the Control Panel:

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11



    ========
    * Double-click VundoFix.exe to run it.
    * When VundoFix reopens, click the Scan for Vundo button.

    * When the scan is complete, right-click inside the list box (the white box that lists the files found) and choose Add more files.
    * Copy and paste this line into the topmost box:
    * C:\WINDOWS\system32\lomnknll.dll
    * Click Add Files and then click Close Window.

    * Click the Remove Vundo button.
    * You will get a message asking whether you want to remove the selected files; click YES.
    * Once you click Yes, your desktop will go blank while the tool starts removing Vundo.
    * When it is done, you will get a message asking you to shut down the computer; click OK.
    * Restart your computer.
    * Post the contents of the C:\vundofix.txt log together with a fresh HijackThis log.



    =======

    Save these instructions to a text file, because otherwise you cannot read them in Safe Mode.

    ==========

    Open HijackThis, check the following line(s) and press Fix checked; close all other programs while you do this.

    O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - C:\WINDOWS\system32\efcywvw.dll (file missing)
    O2 - BHO: (no name) - {CF6AC98F-6A14-4A95-9E1D-AE30C6092D76} - C:\WINDOWS\system32\jkkll.dll (file missing)
    O4 - HKLM\..\Run: [nojehsjs.exe] C:\Documents and Settings\All Users\Application Data\nojehsjs.exe
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)


    Here is how to check the lines:
    [IMG]


    ==========

    1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!

    * When you have downloaded the program, double-click the installer's icon on your desktop; the installation starts.
    * After installation, the program must be started and its definitions updated.

    2. Start AVG Anti-Spyware.
    * Click the "Update" icon in the main menu. Then click the "Update now" button.
    * Then click the "Start Update" icon, and the update begins.
    * Press "Start Update" again after a moment if the updates do not succeed right away.
    * If the automatic update does not work for some reason, the definitions can be downloaded manually from http://www.ewido.net/en/download/updates/.
    * When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    * When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    * Then, under the "Reports" menu:
    * Tick "Automatically generate report after every scan"
    * Untick "Only if threats were found"
    * Then click the "Shield" icon at the top of the window
    * "Resident shield is": change the state from active to inactive
    * Close the program; do NOT scan yet.

    Boot your computer into Safe Mode

    Make hidden files visible, and hide them again after the deletion

    Delete

    C:\Documents and Settings\All Users\Application Data\nojehsjs.exe
    C:\WINDOWS\system32\JIDANDIAN3.0XE





    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    * Once in Safe Mode, start AVG Anti-Spyware.
    * Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    * AVG now starts scanning the computer; be patient, because the scan takes time.
    When the scan is complete:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    * Make sure that Set all elements to: shows Quarantine(1); if not, click the link and select Quarantine from the popup menu.
    * You will be asked what to do if infections were found; select "Apply all actions"
    [IMG]
    * Then click the "Reports" icon at the top of the program.
    * Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    * Close the program, start the computer normally and post the AVG report in your thread.

    A new HijackThis log, and are there any problems?
     
    Last edited by a moderator: Jun 1, 2007
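
Added example, not part of the thread and not HijackThis's own logic: Python that parses HijackThis lines and flags the kinds of entries picked out in the post above. The three rules are this example's assumptions about why those lines stand out, and the sample lines are copied from the 12:25 log posted earlier in the thread.

```python
import re

# Sample input: lines copied from the 12:25 HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - C:\WINDOWS\system32\efcywvw.dll (file missing)
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\lomnknll.dll
O2 - BHO: (no name) - {CF6AC98F-6A14-4A95-9E1D-AE30C6092D76} - C:\WINDOWS\system32\jkkll.dll (file missing)
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nojehsjs.exe] C:\Documents and Settings\All Users\Application Data\nojehsjs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

FILE_MISSING = "(file missing)"

# HijackThis result lines look like "<section> - <details>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
BHO_RE = re.compile(r"BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"HK(?:LM|CU)\\\.\.\\Run: \[(.*?)\] (.*)$")
NOTIFY_RE = re.compile(r"Winlogon Notify: (.*?) - (.*)$")


def triage(log_text):
    """Return (section, reason, entry) for each line matching a rule.

    Rules (assumptions of this example, a starting point for review only):
      O2  - browser helper object with no name whose DLL sits in system32
      O4  - Run entry whose target lives under "Documents and Settings"
      O20 - Winlogon Notify entry whose target is missing or is not a DLL
    """
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        section, rest = m.groups()
        missing = rest.endswith(FILE_MISSING)
        body = rest[: -len(FILE_MISSING)].rstrip() if missing else rest

        reason = None
        if section == "O2":
            bho = BHO_RE.match(body)
            if bho and bho.group(1) == "(no name)" \
                    and "\\system32\\" in bho.group(3).lower():
                reason = "unnamed BHO pointing at a DLL in system32"
                if missing:
                    reason += ", file already gone (orphaned registration)"
        elif section == "O4":
            run = RUN_RE.match(body)
            if run and "\\documents and settings\\" in run.group(2).lower():
                reason = "autostart target inside a profile directory"
        elif section == "O20":
            notify = NOTIFY_RE.match(body)
            if notify and (missing or not notify.group(2).lower().endswith(".dll")):
                reason = "Winlogon Notify target is missing or is not a DLL"

        if reason:
            findings.append((section, reason, rest))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason}\n    {entry}")
```

A match only marks a line for a closer look; entries such as the O9 xpnetdiag.exe line show that "(file missing)" alone is not treated as a finding here.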
  19. De_Nitro

    De_Nitro Regular member

    Hey! Your log once again, sir:

    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 10:07:03 26.5.2007

    Listing files found while scanning....

    C:\Program Files\VSAdd-in\VSAdd-in.dll
    C:\WINDOWS\system32\acrvhorq.ini
    C:\WINDOWS\system32\fmbnrebd.dll
    C:\WINDOWS\system32\fwupsjvh.dll
    C:\WINDOWS\system32\gtdkekfr.dll
    C:\WINDOWS\system32\hjllm.bak1
    C:\WINDOWS\system32\hjllm.bak2
    C:\WINDOWS\system32\hjllm.ini
    C:\WINDOWS\system32\hjllm.ini2
    C:\WINDOWS\system32\hjllm.tmp
    C:\WINDOWS\system32\jdyodpjl.dll
    C:\WINDOWS\system32\kffpctoj.dll
    C:\WINDOWS\system32\mcatlspd.dll
    C:\WINDOWS\system32\mlljh.dll
    C:\WINDOWS\system32\mtbtrtfi.dll
    C:\WINDOWS\system32\qomjige.dll
    C:\WINDOWS\system32\qrohvrca.dll
    C:\WINDOWS\system32\ssqnkih.dll
    C:\WINDOWS\system32\tslbqire.exe
    C:\WINDOWS\system32\uevrcahw.ini
    C:\WINDOWS\system32\whacrveu.dll
    C:\WINDOWS\system32\vymwqdbc.dll
    C:\WINDOWS\system32\yirygnls.exe
    C:\WINDOWS\system32\yxnfolfn.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\acrvhorq.ini
    C:\WINDOWS\system32\acrvhorq.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fmbnrebd.dll
    C:\WINDOWS\system32\fmbnrebd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fwupsjvh.dll
    C:\WINDOWS\system32\fwupsjvh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gtdkekfr.dll
    C:\WINDOWS\system32\gtdkekfr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.bak1
    C:\WINDOWS\system32\hjllm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.bak2
    C:\WINDOWS\system32\hjllm.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.ini
    C:\WINDOWS\system32\hjllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.ini2
    C:\WINDOWS\system32\hjllm.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjllm.tmp
    C:\WINDOWS\system32\hjllm.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jdyodpjl.dll
    C:\WINDOWS\system32\jdyodpjl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mcatlspd.dll
    C:\WINDOWS\system32\mcatlspd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mlljh.dll
    C:\WINDOWS\system32\mlljh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mtbtrtfi.dll
    C:\WINDOWS\system32\mtbtrtfi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomjige.dll
    C:\WINDOWS\system32\qomjige.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\qrohvrca.dll
    C:\WINDOWS\system32\qrohvrca.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqnkih.dll
    C:\WINDOWS\system32\ssqnkih.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tslbqire.exe
    C:\WINDOWS\system32\tslbqire.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uevrcahw.ini
    C:\WINDOWS\system32\uevrcahw.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\whacrveu.dll
    C:\WINDOWS\system32\whacrveu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vymwqdbc.dll
    C:\WINDOWS\system32\vymwqdbc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yirygnls.exe
    C:\WINDOWS\system32\yirygnls.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yxnfolfn.dll
    C:\WINDOWS\system32\yxnfolfn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\qomjige.dll
    C:\WINDOWS\system32\qomjige.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 18:47:58 26.5.2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\rbioqodh.dll
    C:\WINDOWS\system32\rbioqodh.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.1

    Checking Java version...

    Scan started at 17:52:46 31.5.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\efcywvw.dll
    C:\WINDOWS\system32\jkkll.dll
    C:\WINDOWS\system32\kajdmdxy.dll
    C:\WINDOWS\system32\llkkj.bak1
    C:\WINDOWS\system32\llkkj.ini
    C:\WINDOWS\system32\qqtss.ini
    C:\WINDOWS\system32\sstqq.dll
    C:\WINDOWS\system32\yxdmdjak.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\efcywvw.dll
    C:\WINDOWS\system32\efcywvw.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\jkkll.dll
    C:\WINDOWS\system32\jkkll.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\kajdmdxy.dll
    C:\WINDOWS\system32\kajdmdxy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\llkkj.bak1
    C:\WINDOWS\system32\llkkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\llkkj.ini
    C:\WINDOWS\system32\llkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qqtss.ini
    C:\WINDOWS\system32\qqtss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sstqq.dll
    C:\WINDOWS\system32\sstqq.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\yxdmdjak.ini
    C:\WINDOWS\system32\yxdmdjak.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\efcywvw.dll
    C:\WINDOWS\system32\efcywvw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkll.dll
    C:\WINDOWS\system32\jkkll.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\sstqq.dll
    C:\WINDOWS\system32\sstqq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.1

    Checking Java version...

    Scan started at 14:26:48 1.6.2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\lomnknll.dll
    C:\WINDOWS\system32\lomnknll.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Logfile of HijackThis v1.99.1
    Scan saved at 16:44:10, on 1.6.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\hjt\scanner.exe.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.msn.com/flash/?mkt=fi-fi&version=7,0,60,0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\lomnknll.dll (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST -ilmaisinalue.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 16:30:25 1.6.2007

    + Scan result:



    C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP401\A0127248.exe/keygen.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{C196859B-77F7-49C8-88C3-EA1F606B9D6C}\RP401\A0127255.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
    :mozilla.65:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.66:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.67:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.35:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Niko\Cookies\niko@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Niko\Cookies\niko@search.live[1].txt -> TrackingCookie.Live : Cleaned.
    :mozilla.68:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.42:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.43:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.44:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.45:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.10:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
    :mozilla.58:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.62:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.63:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.64:C:\Documents and Settings\Niko\Application Data\Mozilla\Firefox\Profiles\5yhmptdw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end

    And here it was again!
     
  20. Auttaja

    Auttaja Guest

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    =======

    O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\lomnknll.dll (file missing)

    Mark it and press Fix checked

    ==========

    Stay clean

    -> Clear System Restore -> Instructions
    Clear the System Restore folder and create a new restore point. This cleans any malware remnants out of the restore folder.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Clean temporary files and folders with it regularly.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing on your computer. Uses no memory!
    Guide available in Finnish! Guide by user Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your computer from connecting to malicious sites.
    Guide available in Finnish! Guide by user Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your computer with it regularly.
    eScan is good too: http://koti.mbnet.fi/pattaya1/escanmwav.htm

    -> Keep your software up to date. -> Secunia Software Inspector
    Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.

    -> Regularly follow the Finnish Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI

    If you run into malware problems in the future, don't hesitate to post a HijackThis log to be checked!
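
A triage sketch for the step in the reply above, added here as an example and not part of the original thread or of HijackThis itself: it parses HijackThis entry lines and lists those marked `(file missing)`, nameless O2 BHOs first. The function names and the ordering rule are assumptions; the sample lines are copied from the logs quoted in this thread.

```python
import re

# Constructed sample: entry lines copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\lomnknll.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^\s*(O\d+)\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


def parse_entries(text):
    """Split a HijackThis log into dicts: section, raw body, CLSID, missing flag."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": section,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "missing": body.endswith(MISSING),
        })
    return entries


def orphaned(entries):
    """Entries whose target file no longer exists: review candidates, not verdicts."""
    return [e for e in entries if e["missing"]]


def review_order(entries):
    """Orphaned entries, nameless BHOs (section O2) first, then by section number."""
    def key(e):
        nameless_bho = e["section"] == "O2" and "(no name)" in e["body"]
        return (not nameless_bho, int(e["section"][1:]))
    return sorted(orphaned(entries), key=key)


if __name__ == "__main__":
    for e in review_order(parse_entries(SAMPLE_LOG)):
        print(e["section"], e["clsid"], e["body"])
```

A `(file missing)` marker only says the registered target is gone; the O9 `xpnetdiag.exe` line in the sample shows that entries of this kind also turn up for ordinary Windows components, so each hit still needs a manual look before it is fixed.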
     
