The computer is behaving strangely, complaining about Java in particular; could someone take a look, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:30, on 18.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.starttis.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165605989984
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166222771921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10245 bytes
Thanks, here is a new log; is there still anything to remove? It complains that several Java processes are running when I try to get into online banking.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:43, on 23.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.starttis.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165605989984
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166222771921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10223 bytes
Create an uninstall list:
• Open HijackThis
• Click the "Configure" option at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click the "Save list" option
• Copy and paste the list from Notepad into your post
Here it is, hopefully I did it right...

7-Zip 4.42 ACE Mega CoDecS Pack Ad-Aware 2007 Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Reader 8.1.2 - Suomi Adobe Shockwave Player Agere Systems PCI Soft Modem Anti-Leech Plugin for Mozilla, Opera, Netscape AnyDVD AVI MPEG Converter 3 BitLord 1.1 BSPlayer CloneDVD2 Combined Community Codec Pack 2008-01-24 ConvertXtoDVD 3.0.0.1 DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player DVD Decrypter (Remove Only) EAGLE 4.16r2 Enhanced Multimedia Keyboard Solution ffdshow [rev 719] [2006-12-27] F-Secure Anti-Virus Client Security - automaattinen päivitysagentti F-Secure Anti-Virus Client Security - Internet-suojaus F-Secure Anti-Virus Client Security - sähköpostitarkistus F-Secure Anti-Virus Client Security - Web-liikenteen tarkistus F-Secure Anti-Virus Client Security - virus- ja vakoilusuojaus GOM Player Help and Support Additions HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683) Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864) Hotfix-päivitys Windows XP:lle (KB928388) Hotfix-päivitys Windows XP:lle (KB929120) HP Deskjet Preloaded Printer Drivers HP Extended Capabilities 5.3 HP Image Zone 4.2 HP Image Zone Express HP Image Zone Plus 4.2 HP Imaging Device Functions 5.3 HP Photo & Imaging 3.5 - HP Devices HP PSC & OfficeJet 5.3.B HP Software Update HP Solution Center & Imaging Support Tools 5.3 HPIZ402 InterVideo WinDVD Creator 2 InterVideo WinDVD Player iTunes J2SE Runtime Environment 5.0 Update 10 Java 2 Runtime Environment, SE v1.4.2_03 Java(TM) 6 Update 5 Java(TM) SE Runtime Environment 6 Update 1 Labtec WebCam Software Labtec® Camera -ohjain LimeWire PRO 4.17.1 Microsoft .NET Framework 1.1 Microsoft .NET 
Framework 1.1 Microsoft .NET Framework 1.1 Finnish Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Language Pack - FIN Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Finnish Language Pack Microsoft .NET Framework 3.0 Service Pack 1 Microsoft .NET Framework 3.0:n suomen kielipaketti Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (Finnish) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Finnish) 2007 Microsoft Office Groove MUI (Finnish) 2007 Microsoft Office InfoPath MUI (Finnish) 2007 Microsoft Office OneNote MUI (Finnish) 2007 Microsoft Office Outlook MUI (Finnish) 2007 Microsoft Office PowerPoint MUI (Finnish) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Finnish) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Swedish) 2007 Microsoft Office Proofing (Finnish) 2007 Microsoft Office Publisher MUI (Finnish) 2007 Microsoft Office Shared MUI (Finnish) 2007 Microsoft Office Word MUI (Finnish) 2007 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Works 7.0 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) Nero 7 NVIDIA Drivers Opera 9.27 Picasa 2 PowerISO PS2 Päivitys Windows XP:lle (KB898461) Päivitys Windows XP:lle (KB904942) Päivitys Windows XP:lle (KB908531) Päivitys Windows XP:lle (KB910437) Päivitys Windows XP:lle (KB911280) Päivitys Windows XP:lle (KB916595) Päivitys Windows XP:lle (KB920342) Päivitys Windows XP:lle (KB922582) Päivitys Windows XP:lle (KB925720) Päivitys Windows XP:lle (KB925876) Päivitys Windows XP:lle (KB927891) Päivitys Windows XP:lle (KB929338) Päivitys 
Windows XP:lle (KB930916) Päivitys Windows XP:lle (KB931836) Päivitys Windows XP:lle (KB933360) Päivitys Windows XP:lle (KB938828) Päivitys Windows XP:lle (KB942763) QuickTime Security Update for Excel 2007 (KB946974) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB951808) Security Update for Microsoft Office Word 2007 (KB950113) Security Update for Office 2007 (KB934062) Security Update for Office 2007 (KB947801) Security Update for Outlook 2007 (KB946983) Security Update for the 2007 Microsoft Office System (KB936960) SiS VGA Utilities Skype™ 3.6 SpeedFan (remove only) Subtitle Workshop 2.51 Suojauspäivitys ohjelmistolle Windows XP (KB923689) Suojauspäivitys ohjelmistolle Windows XP (KB941569) Suojauspäivitys Windows Internet Explorer 7:lle (KB928090) Suojauspäivitys Windows Internet Explorer 7:lle (KB929969) Suojauspäivitys Windows Internet Explorer 7:lle (KB931768) Suojauspäivitys Windows Internet Explorer 7:lle (KB933566) Suojauspäivitys Windows Internet Explorer 7:lle (KB937143) Suojauspäivitys Windows Internet Explorer 7:lle (KB938127) Suojauspäivitys Windows Internet Explorer 7:lle (KB939653) Suojauspäivitys Windows Internet Explorer 7:lle (KB942615) Suojauspäivitys Windows Internet Explorer 7:lle (KB944533) Suojauspäivitys Windows Media Player 10:lle (KB917734) Suojauspäivitys Windows Media Player 11:lle (KB936782) Suojauspäivitys Windows Media Player 6.4:lle (KB925398) Suojauspäivitys Windows Media Player 9:lle (KB917734) Suojauspäivitys Windows Media Playerille (KB911564) Suojauspäivitys Windows XP:lle (KB890046) Suojauspäivitys Windows XP:lle (KB893756) Suojauspäivitys Windows XP:lle (KB896358) Suojauspäivitys Windows XP:lle (KB896423) Suojauspäivitys Windows XP:lle (KB896424) Suojauspäivitys Windows XP:lle (KB896428) Suojauspäivitys Windows XP:lle (KB899587) Suojauspäivitys Windows XP:lle (KB899591) Suojauspäivitys Windows XP:lle (KB900725) Suojauspäivitys Windows XP:lle (KB901017) 
Suojauspäivitys Windows XP:lle (KB901190) Suojauspäivitys Windows XP:lle (KB901214) Suojauspäivitys Windows XP:lle (KB902400) Suojauspäivitys Windows XP:lle (KB905414) Suojauspäivitys Windows XP:lle (KB905749) Suojauspäivitys Windows XP:lle (KB908519) Suojauspäivitys Windows XP:lle (KB911562) Suojauspäivitys Windows XP:lle (KB911567) Suojauspäivitys Windows XP:lle (KB911927) Suojauspäivitys Windows XP:lle (KB912919) Suojauspäivitys Windows XP:lle (KB913580) Suojauspäivitys Windows XP:lle (KB914388) Suojauspäivitys Windows XP:lle (KB914389) Suojauspäivitys Windows XP:lle (KB917344) Suojauspäivitys Windows XP:lle (KB917422) Suojauspäivitys Windows XP:lle (KB917953) Suojauspäivitys Windows XP:lle (KB918118) Suojauspäivitys Windows XP:lle (KB919007) Suojauspäivitys Windows XP:lle (KB920213) Suojauspäivitys Windows XP:lle (KB920214) Suojauspäivitys Windows XP:lle (KB920670) Suojauspäivitys Windows XP:lle (KB920683) Suojauspäivitys Windows XP:lle (KB920685) Suojauspäivitys Windows XP:lle (KB921398) Suojauspäivitys Windows XP:lle (KB921503) Suojauspäivitys Windows XP:lle (KB921883) Suojauspäivitys Windows XP:lle (KB922616) Suojauspäivitys Windows XP:lle (KB922760) Suojauspäivitys Windows XP:lle (KB922819) Suojauspäivitys Windows XP:lle (KB923414) Suojauspäivitys Windows XP:lle (KB923694) Suojauspäivitys Windows XP:lle (KB923980) Suojauspäivitys Windows XP:lle (KB924191) Suojauspäivitys Windows XP:lle (KB924270) Suojauspäivitys Windows XP:lle (KB924496) Suojauspäivitys Windows XP:lle (KB924667) Suojauspäivitys Windows XP:lle (KB925486) Suojauspäivitys Windows XP:lle (KB925902) Suojauspäivitys Windows XP:lle (KB926255) Suojauspäivitys Windows XP:lle (KB926436) Suojauspäivitys Windows XP:lle (KB927779) Suojauspäivitys Windows XP:lle (KB927802) Suojauspäivitys Windows XP:lle (KB928255) Suojauspäivitys Windows XP:lle (KB928843) Suojauspäivitys Windows XP:lle (KB929123) Suojauspäivitys Windows XP:lle (KB930178) Suojauspäivitys Windows XP:lle (KB931261) Suojauspäivitys Windows 
XP:lle (KB931784) Suojauspäivitys Windows XP:lle (KB932168) Suojauspäivitys Windows XP:lle (KB933729) Suojauspäivitys Windows XP:lle (KB935839) Suojauspäivitys Windows XP:lle (KB935840) Suojauspäivitys Windows XP:lle (KB936021) Suojauspäivitys Windows XP:lle (KB938829) Suojauspäivitys Windows XP:lle (KB941202) Suojauspäivitys Windows XP:lle (KB941568) Suojauspäivitys Windows XP:lle (KB941644) Suojauspäivitys Windows XP:lle (KB941693) Suojauspäivitys Windows XP:lle (KB943055) Suojauspäivitys Windows XP:lle (KB943460) Suojauspäivitys Windows XP:lle (KB943485) Suojauspäivitys Windows XP:lle (KB944653) Suojauspäivitys Windows XP:lle (KB945553) Suojauspäivitys Windows XP:lle (KB946026) Suojauspäivitys Windows XP:lle (KB948590) Suojauspäivitys Windows XP:lle (KB948881) Suojauspäivitys Windows XP:lle (KB950749) Update for Office 2007 (KB932080) Update for Office 2007 (KB934391) Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb950378) VIA Rhine-Family Fast-Ethernet Adapter VideoLAN VLC media player 0.8.6f Winamp (remove only) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Media Player 11 Windows Presentation Foundation Windows Presentation Foundation Language Pack (FIN) Windows Rights Management -asiakkaan yhteensopivuus taaksepäin SP2-versioon Windows Rights Management Service Pack 2 -asiakas Windows Workflow Foundation FI Language Pack Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Service Pack 2 WinRAR archiver WinZip VobSub v2.23 (Remove Only) XML Paper Specification Shared Components 
Language Pack 1.0
Remove the following via Add or Remove Programs:
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1

================

Updating Java and clearing the cache:

1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your old Java versions in the list. (J2SE Runtime Environment.... ) They should have the following icon next to them:
3. Select all your old Java versions and choose Remove.
4. Install the latest Java update from the following link..
5. Restart the computer after the installation:
http://java.sun.com/javase/downloads/index.jsp
Scroll down to Java Runtime Environment (JRE) 6u6
Press Download
Tick Accept, choose offline installation, save it to the desktop, for example, and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice the computer being slow after lowering the setting, move the slider to a larger value.)
8. Make sure that both options are ticked:
*Applications and Applets
*Trace and Log Files
and press the OK button.
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.
Thank you for your patience, I did those and the computer still reports:
Java (TM) Plug-in Fatal error Several Java Virtual Machines running the process caused an error
In addition: Käsky osoitteessa "0x2e746e65" viittasi muistiin osoitteessa "0x2e746e65". Muisti ei voi olla read
Download SDFix by AndyManchesta and save it to your desktop.
Boot your computer into safe mode:
shut down and start the computer
during startup, tap the F8 key repeatedly
select safe mode with the arrow keys
press Enter and Enter
select your user account
press Yes
On some computers you tap F5 instead of F8.
- Once in safe mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
- Open the SDFix folder and double-click RunThis.bat to start the program.
- Press Y to start the script.
- The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
- Press any key and the computer restarts.
- Startup takes longer than normal because SDFix is cleaning the computer.
- When the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
- Then press any key to close the script and load the desktop icons.
- Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
Here they are, does it look better?

SDFix: Version 1.185
Run by HP_Omistaja on pe 23.05.2008 at 21:32
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\HP_OMI~1\TYPYT~1\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 21:41:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:047f0b37
"s2"=dword:183ab62b
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:d5,d4,c1,84,12,98,a2,da,a7,e1,50,a6,66,a9,c0,7c,f7,f2,1b,9c,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8b,a8,de,0b,4c,62,35,66,df,4e,4b,e7,d2,91,ea,18,d6,f4,7e,08,48,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:8b,43,65,33,d7,8c,c1,54,e7,65,c2,fa,3d,03,fd,8f,4d,22,83,13,28,..
"a0"=hex:20,01,00,00,47,d0,21,c5,9c,ce,cf,bc,1b,2c,27,c7,d9,f9,63,be,19,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4b,e3,ef,c7,a0,fa,03,4d,af,23,e0,f3,22,fe,e9,5c,13,9e,11,16,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:30,0d,de,87,e2,43,87,49,3a,1f,54,88,c5,0f,6d,50,da,64,26,b9,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:e4,c6,78,ec,e0,2d,ed,56,be,de,be,a3,c8,50,1c,ec,eb,26,d1,71,c9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:d5,d4,c1,84,12,98,a2,da,a7,e1,50,a6,66,a9,c0,7c,f7,f2,1b,9c,51,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:8b,a8,de,0b,4c,62,35,66,df,4e,4b,e7,d2,91,ea,18,d6,f4,7e,08,48,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:8b,43,65,33,d7,8c,c1,54,e7,65,c2,fa,3d,03,fd,8f,4d,22,83,13,28,..
"a0"=hex:20,01,00,00,47,d0,21,c5,9c,ce,cf,bc,1b,2c,27,c7,d9,f9,63,be,19,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4b,e3,ef,c7,a0,fa,03,4d,af,23,e0,f3,22,fe,e9,5c,13,9e,11,16,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:30,0d,de,87,e2,43,87,49,3a,1f,54,88,c5,0f,6d,50,da,64,26,b9,27,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:e4,c6,78,ec,e0,2d,ed,56,be,de,be,a3,c8,50,1c,ec,eb,26,d1,71,c9,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital 
Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\\Program Files\\Opera\\program\\plugins\\alhlp.exe"="C:\\Program Files\\Opera\\program\\plugins\\alhlp.exe:*:Enabled:Anti-Leech plugin helper program" "C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update" Remaining Files : File Backups: - C:\DOCUME~1\HP_OMI~1\TYPYT~1\SDFix\backups\backups.zip Files with Hidden Attributes : Fri 8 Dec 2006 196 A.SHR --- "C:\BOOT.BAK" Sat 15 Mar 2008 72 ..SH. --- "C:\WINDOWS\S820E96E0.tmp" Fri 26 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe" Sun 16 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Fri 18 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0045d90d3c637c74f834c75fe192b558\BITC4.tmp" Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT296.tmp" Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT299.tmp" Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT295.tmp" Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3cf0038d9844b330cbc012d961537773\BIT29A.tmp" Wed 12 Dec 2007 0 A..H. 
--- "C:\WINDOWS\SoftwareDistribution\Download\445ce037cf936bf0308bd0a2bf4516e5\BIT298.tmp" Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d7ce22e444dc91400829a7d1a2d39aa2\BIT29B.tmp" Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ddfab57ae20e024ecd85b4ea1a62ef6f\BIT297.tmp" Sat 11 Aug 2007 1,301 ...HR --- "C:\Documents and Settings\HP_Omistaja\Application Data\SecuROM\UserData\securom_v7_01.bak" Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\HP_Omistaja\Application Data\U3\temp\Launchpad Removal.exe" Finished! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:54:14, on 23.5.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Anti-Virus\fsrw.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program 
Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\system32\notepad.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.starttis.fi/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 
Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... 
- {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165605989984 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166222771921 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. 
- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 10256 bytes
Thanks, the computer got noticeably faster, but darn it, it still keeps reporting an IE application error and this litany:
Java (TM) Plug-in Fatal error Several Java Virtual Machines running the process caused an error
In addition: Käsky osoitteessa "0x2e746e65" viittasi muistiin osoitteessa "0x2e746e65". Muisti ei voi olla read
1. Download combofix.exe to your desktop from one of these links: combofix1 combofix2
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
Here is the ComboFix log

ComboFix 08-05-21.3 - HP_Omistaja 2008-05-23 23:00:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.290 [GMT 3:00]
Running from: C:\Documents and Settings\HP_Omistaja\Työpöytä\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\HP_Omistaja\Application Data\inst.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Cache\01245DB4.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini
C:\Program Files\FunWebProducts\ScreenSaver\Images\0121D40B.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\012455D4.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\01246DE0.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\01253F69.dat
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\01246DE0.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\01253F69.jpg
C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
C:\Program Files\FunWebProducts\Shared\0068888F.dat
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\Google\googletoolbar1.dll
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
D:\Autorun.inf
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-23 to 2008-05-23 )))))))))))))))))
.
2473-04-09 15:19 . 2473-04-09 15:19 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2473-04-09 15:19 . 2473-04-09 15:19 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-05-23 21:27 .
2008-05-23 21:27 <KANSIO> d-------- C:\WINDOWS\ERUNT 2008-05-23 21:23 . 2008-05-23 03:54 <KANSIO> d-------- C:\SDFix 2008-05-23 19:34 . 2004-01-01 12:42 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\WINDOWS 2008-05-23 19:34 . 2004-01-01 12:42 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\WINDOWS 2008-05-23 19:34 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö 2008-05-23 19:34 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö 2008-05-23 19:34 . 2008-05-23 19:54 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä 2008-05-23 19:34 . 2008-05-23 19:54 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä 2008-05-23 19:34 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö 2008-05-23 19:34 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö 2008-05-23 19:34 . 2006-12-09 06:08 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit 2008-05-23 19:34 . 2006-12-09 06:08 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit 2008-05-23 19:34 . 2006-12-09 06:08 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot 2008-05-23 19:34 . 2006-12-09 06:08 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot 2008-05-23 19:34 . 2006-12-09 06:09 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit 2008-05-23 19:34 . 2006-12-09 06:09 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit 2008-05-23 19:34 . 2006-12-09 06:08 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko 2008-05-23 19:34 . 2006-12-09 06:08 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko 2008-05-23 19:34 . 
2004-01-01 09:04 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Symantec 2008-05-23 19:34 . 2004-01-01 13:09 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\SampleView 2008-05-23 19:34 . 2004-01-01 12:34 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Intervideo 2008-05-23 19:34 . 2004-01-01 12:42 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Apple Computer 2008-05-23 19:34 . 2008-05-23 19:34 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja 2008-05-23 18:37 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-23 03:15 . 2008-05-23 03:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-23 03:15 . 2008-05-23 03:15 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-18 13:00 . 2008-05-18 13:00 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-05-18 01:06 . 2008-05-18 01:07 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\.housecall6.6 . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-23 20:00 --------- d-----w C:\Program Files\Google 2008-05-23 18:50 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\Skype 2008-05-23 15:37 --------- d-----w C:\Program Files\Java 2008-05-23 15:28 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\skypePM 2008-05-14 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-05-02 09:04 --------- d-----w C:\Program Files\SpeedFan 2008-04-25 15:59 --------- d-----w C:\Program Files\Diablo II 2008-04-25 15:49 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-22 13:56 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\Template 2008-04-17 16:20 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\U3 2008-04-10 01:47 --------- d-----w C:\Program Files\Combined Community Codec Pack 2008-04-06 18:57 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\vlc 2008-04-06 16:53 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\DivX 2008-04-06 16:45 --------- d-----w C:\Program Files\DivX 2008-04-06 16:41 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2008-04-06 16:41 47,360 ----a-w C:\Documents and Settings\HP_Omistaja\Application Data\pcouffin.sys 2008-04-06 16:41 --------- d-----w C:\Program Files\VSO 2008-04-06 16:41 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\Vso 2008-04-04 15:46 --------- d-----w C:\Program Files\DVD Decrypter 2008-04-03 21:17 --------- d-----w C:\Program Files\LimeWire 2008-04-03 17:13 --------- d-----w C:\Program Files\Opera 2008-03-30 14:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH 2008-03-30 14:40 --------- d-----w C:\Program Files\GRETECH 2008-03-30 14:40 --------- d-----w C:\Documents and Settings\HP_Omistaja\Application Data\GRETECH 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 166,688 
----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 13:01 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2007-11-28 22:27 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe" [2004-01-01 12:57 159744] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:24 21898024] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe] "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-20 10:47 249856] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-10-26 04:51 122929] "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 11:57 684032] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19 221184] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51 217088] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "SunJavaUpdateSched"="C:\Program 
Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 04:17 443968] C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\ F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2007-06-28 20:37:11 32807] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton] --a------ 2004-01-01 12:57 159744 C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN 
Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Opera\\program\\plugins\\alhlp.exe"= "C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2006-10-12 13:19] R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-06-28 20:37] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 16:37] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-10-06 17:30] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 16:37] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f814919-0c78-11dd-8421-00112f93944c}] \Shell\AutoRun\command - P:\LaunchU3.exe -a . 'Ajoitetut tehtävät'-kansion sisältö "2008-05-23 20:03:15 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-23 23:02:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-05-23 23:06:01 ComboFix-quarantined-files.txt 2008-05-23 20:05:07 Pre-Run: 61,125,656,576 tavua vapaana Post-Run: 61,126,565,888 tavua vapaana 317 --- E O F --- 2008-05-16 15:07:06
Download CCleaner here: CCleaner v2.05.555 - Standard Build. Do NOT install the Yahoo toolbar! During installation, clear the checkbox next to "install Yahoo! toolbar".

After installation, open CCleaner. Select Options from the column on the left. Select Settings from the adjacent column. Under Language, choose Suomi.

Puhdistaja (cleaner)
Select Puhdistaja from the column on the left. Press Tutki at the bottom. CCleaner now analyses what can be removed (temp files, cookies, etc.). When the analysis is finished, press Aja CCleaner. CCleaner now removes the temp files, cookies, etc. that it found.

Fixing registry errors
Select Virheet from the column on the left. Press Etsi rekisterin virheitä at the bottom. When the search is finished and you are sure that you want to fix the lines that are checked, press Korjaa valitut rekisterin virheet. You will be asked "do you want to back up the changes to the registry"; press Kyllä. Save the backup in, for example, the "Omat tiedostot" (My Documents) folder. In the new window that opens, click Korjaa kaikki valitut virheet. You will get one more confirmation prompt; press Ok. When the errors have been fixed, press Sulje. You can now close CCleaner by pressing the red X at the top right.
CCleaner has been run. Thanks for taking the time to check the logs. The machine has sped up considerably, although it still shows the Java fatal error as well as "the instruction at address 02...". It is starting to get on my nerves that there is something somewhere; I will probably still have to try some online scanner or the like, even though you would think it would have been found by now. Thanks again to you.