Koneeseen iski virus (ei muistu mikä) f-secure hoiti asiansa, tai niin ainakin luulen. MUTTA netti alkoi katkeilemaan, renew ip ja taas toimii hetken kunnes hukkuu jälleen... mistä tätä kannattasi alkaa selvittä? pistin nyt ton login jos siitä on apua? f-sucure ei löydä enää mitään,ei myöskään windows defender, s&d, ad aware ja ccleaner. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:38:20, on 31.7.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe D:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE C:\Program Files\Tanagra\Memeo\MemeoService.exe D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE D:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Program Files\Logitech\Easy Synchronization\servicestub.exe C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE C:\WINDOWS\System32\svchost.exe D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe D:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe D:\Program Files\F-Secure Internet Security\FSPC\fspc.exe D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe C:\Program Files\ABIT\ABIT uGuru\uGuru.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe D:\Program Files\Logitech\SetPoint\LBTWiz.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Defender\MSASCui.exe D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE D:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\DAEMON Tools\daemon.exe D:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe D:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe D:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe D:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>;*.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [CTFMon] F:\TOPFIELD\fkl\familykeylogger\asen\CTF\ctfmon.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "D:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Memeo Launcher.lnk = C:\Documents and Settings\M i k a\Application Data\Microsoft\Installer\{78A39E62-605C-4E8E-9674-31E03BEC29B7}\_8F1B0A23F0AC40B99A091F7F3D92B106.exe O4 - Global Startup: F-Secure 2006.lnk = D:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: &Block this popup - D:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - D:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing) O23 - Service: fsbwsys - F-Secure Corp. - D:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - -C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing) O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe O23 - Service: Machine Debug Manager (MDM) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (file missing) O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - -"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing) O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe O23 - Service: ServiceLayer - Unknown owner - -"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" (file missing) O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - -"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" (file missing) O23 - Service: Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing) -- End of file - 11837 bytes
scannaa hjt:llä merkkaa paina Fix checked O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) ===============0 Escan Ohjeet tuolla sivulla. http://koti.mbnet.fi/pattaya1/escanmwav.htm lataa tuosta http://www.spywareinfo.dk/download/mwav.exe päivitä tuosta http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat laita täpit merkkauksien mukaan http://koti.mbnet.fi/pattaya1/eScan6.jpg scannaa jos ala luukkuun tulee jotain niin kopioi se näin: Käytä komentoa Ctrl+A. Kopioi rivit komennolla Ctrl+C. Liitä rivit komennolla Ctrl+V. Laita virus log tänne.
kyllähän sieltä jotakin löytyi... File C:\Documents and Settings\M i k a\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed. File C:\Documents and Settings\M i k a\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
Lataa Deckard's System Scanner Työpöydällesi. Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman. [*]Sulje kaikki avoimet ikkunat ja ohjelmat. [*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita. [*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt [*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V ) [*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.
Deckard's System Scanner v20070729.57 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon(tm) 64 Processor 3000+ Percentage of Memory in Use: 32% Physical Memory (total/avail): 2046.48 MiB / 1374.41 MiB Pagefile Memory (total/avail): 2660.42 MiB / 2146.32 MiB Virtual Memory (total/avail): 2047.88 MiB / 1952.08 MiB C: is Fixed (NTFS) - 11.72 GiB total, 0.91 GiB free. D: is Fixed (FAT32) - 36.11 GiB total, 9.85 GiB free. E: is CDROM (No Media) F: is Fixed (NTFS) - 138.46 GiB total, 15.86 GiB free. G: is CDROM (No Media) I: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FW: F-Secure Internet Security 2006 6.12 v6.12 (F-Secure Corporation) AV: F-Secure Internet Security 2006 6.12 v6.12 (F-Secure Corporation) [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\sandra.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\sandra.exe:*:Enabled:SiSoftware Sandra Lite" "D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcSandraSrv.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite" "D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcDataSrv.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "D:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe"="D:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe:*:Enabled:F-Secure 2006" [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019" "D:\\Program Files\\BitComet\\BitComet.exe"="D:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "D:\\Program Files\\DC++\\DCPlusPlus.exe"="D:\\Program Files\\DC++\\DCPlusPlus.exe:*:EnabledC++" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "D:\\Program Files\\eXeem\\eXeem.exe"="D:\\Program Files\\eXeem\\eXeem.exe:*:Enabled:eXeem" "D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\sandra.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\sandra.exe:*:Enabled:SiSoftware Sandra Lite" "D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcSandraSrv.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite" "D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcDataSrv.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite" "D:\\Program Files\\ICQLite\\ICQLite.exe"="D:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite" "D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "D:\\Pelit\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="D:\\Pelit\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000" "F:\\Downloads\\utorrent.exe"="F:\\Downloads\\utorrent.exe:*:Enabled:µTorrent" "C:\\Documents and Settings\\M i k a\\Desktop\\Ohjelmat\\utorrent.exe"="C:\\Documents and Settings\\M i k a\\Desktop\\Ohjelmat\\utorrent.exe:*:Enabled:µTorrent" "D:\\Program Files\\uTorrent\\utorrent.exe"="D:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent" "D:\\Pelit\\railroad\\RailRoads.exe"="D:\\Pelit\\railroad\\RailRoads.exe:*:Enabled:Sid Meier's Railroads!" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "F:\\Pelit\\rld-civ4\\peli\\Civilization4.exe"="F:\\Pelit\\rld-civ4\\peli\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "D:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="D:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner" "D:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe"="D:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe:*:Enabled:F-Secure 2006" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\M i k a\Application Data CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_06\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=MIKA ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\M i k a include=D:\C++\visual basic 6.0\VC98\atl\include;D:\C++\visual basic 6.0\VC98\mfc\include;D:\C++\visual basic 6.0\VC98\include lib=D:\C++\visual basic 6.0\VC98\mfc\lib;D:\C++\visual basic 6.0\VC98\lib LOGONSERVER=\\MIKA MSDevDir=D:\C++\common\MSDev98 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Borland Shared\Bde;C:\Program Files\ATI Technologies\ATI.ACE\;D:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Adobe\AGL;D:\C++\common\Tools\WinNT;D:\C++\common\MSDev98\Bin;D:\C++\common\Tools;D:\C++\visual basic 6.0\VC98\bin PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 31 Stepping 0, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=1f00 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\j2re1.4.2_06\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\MIKA~1\LOCALS~1\Temp TMP=C:\DOCUME~1\MIKA~1\LOCALS~1\Temp USERDOMAIN=MIKA USERNAME=M i k a USERPROFILE=C:\Documents and Settings\M i k a windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- M i k a (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure FWES" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure GUI" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Help" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure TNB" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter" --> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"News Service" --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> MsiExec /X{27DC856A-0916-4988-8198-8714DDD3183D} --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "D:\Program Files\uTorrent\uninstall.exe" ABIT uGuru --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF8500E6-EA0D-11D7-8755-0080C8F92A32}\Setup.exe" -l0x9 AC3Filter (remove only) --> D:\Program Files\AC3Filter\uninstall.exe Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747} Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8} Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102} Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71} Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F} Adobe Premiere Elements 3.0 --> msiexec /I {530AFAFF-6F0A-48BB-88D0-04F9658322D3} Adobe Premiere Elements 3.0 --> MsiExec.exe /I{530AFAFF-6F0A-48BB-88D0-04F9658322D3} Adobe Premiere Elements 3.0 Templates --> MsiExec.exe /I{6EACDDF4-4220-49A3-9204-984C86852C3D} Adobe Reader 7.0.9 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70900000002} Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C} Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} Aerosoft's - Cape CanaveralX --> C:\Program Files\InstallShield Installation Information\{146DC042-4A22-4BC1-BBBD-16BC8E27E837}\Setup.exe -runfromtemp -l0x0009 -uninst -removeonly Aerosoft's - Flight Tales I --> C:\Program Files\InstallShield Installation Information\{92B44BC9-B9A1-43F7-ABBC-A197A34A656E}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly AGEIA PhysX v7.05.17 --> MsiExec.exe /X{27DC856A-0916-4988-8198-8714DDD3183D} AMD Athlon 64 Processor Driver --> MsiExec.exe /X{ABC62001-AD9F-46DB-8668-9946154D6A07} ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center --> MsiExec.exe /I{22C97984-6A68-4140-872E-B2F5123A7387} ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean AtomFTP 1.01 --> "D:\Program Files\AtomFTP\unins000.exe" Audacity 1.2.6 --> "D:\Program Files\Audacity\unins000.exe" AVIcodec (remove only) --> "C:\Program Files\AVIcodec\uninst.exe" Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9 Battlefield 1942: Secret Weapons of WWII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\setup.exe" -l0x9 Battlefield 1942: The Road To Rome --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x9 Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0xb -removeonly BSPlayer --> "D:\Program Files\Webteh\BSplayer\uninstall.exe" Bubble Bobble Nostalgie --> D:\Pelit\Bubble Bobble Nostalgie\uninstal.exe BUFFALO Power Save Utility for HD --> C:\WINDOWS\UN040525.EXE /U CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe" CD-DA X-Tractor v0.24 --> "D:\Program Files\CD-DA X-Tractor\unins000.exe" CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA} CodeVisionAVR Evaluation V1.25.6 --> "d:\cvavreval\unins000.exe" Colin McRae 2005 Polish language add-on --> C:\WINDOWS\iun6002.exe "C:\Program Files\Colin McRae 2005 Polish language add-on\irunin.ini" Colin McRae Rally 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC67770B-581D-4E96-B72A-A7907CE18725}\setup.exe" -l0x9 Collab --> D:\Program Files\Image-Line\Collab\uninstall.exe DC++ 0.674 --> "D:\Program Files\DC++\uninstall.exe" devicom - PC·PRO --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{125466EC-8965-11D4-A771-00105A6811B6}\Setup.exe" DH Driver Cleaner Professional Edition --> D:\Program Files\Driver Cleaner Pro\Uninstall.exe Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe" DivX --> D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Player --> D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivXG400 --> "C:\WINDOWS\IPUI_DivXG400.exe" /U /D Driver: Parallel Lines --> C:\Program Files\InstallShield Installation Information\{31CB0D80-1866-462A-9455-88614410971F}\setup.exe -runfromtemp -l0x0009 -removeonly EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu" F-Secure Internet Security 2006 --> D:\PROGRA~1\F-SECU~1\Common\fsbwih.exe /uninstall ffdshow [rev 756] [2007-01-09] --> "D:\Program Files\ffdshow\unins000.exe" FL Studio 6 --> D:\Program Files\Image-Line\FL Studio 6\uninstall.exe Free DWG Viewer 5.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}\setup.exe" -l0x9 -removeonly FTP - Server for Topfield 1.16 --> "D:\Program Files\ftp4t\unins000.exe" GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG Gliderman --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-Gliderman.dat Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly GTR 2 1.0.0.0 --> "D:\Pelit\GTR2\Support\unins000.exe" HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" ICQ 5 --> D:\Program Files\ICQLite\ICQLiteUninstall.EXE Ifi Tilausohjelma 3.5 --> D:\Program Files\Ifi\OrderClient35\Uninstall.exe Image Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL ImageMixer for Sony --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe" Indeo® software --> C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Intel\Indeo\Uninst.isu" -c"D:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll" InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL InterVideo WinRip --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D32D4182-DE6C-457E-838C-8D7B9CE332BA}\setup.exe" REMOVEALL J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060} KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1} Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0xb UNINSTALL -removeonly Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9 Logitech Harmony Remote Client --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9233F6E2-952D-48C5-A0A2-FA6AEEFA8194} /l1033 Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log MechWarrior 4 Mercenaries --> "C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\UNINSTAL.EXE" /runtemp /addremove MediaLife --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{362BFFCD-8274-11D8-97C8-000129760CBE}\setup.exe" -uninstall Memeo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{78A39E62-605C-4E8E-9674-31E03BEC29B7} Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6} Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft MSDN 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F} Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD} Microsoft SQL Server Native Client --> MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40} Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE} Microsoft SQL Server VSS Writer --> MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5} Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe" Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual Studio 6.0 Enterprise Edition --> "D:\C++\common\Setup\1033\Setup.exe" Microsoft Works 2000 --> MsiExec.exe /I{FB1BC4E2-766F-11D3-AF55-00C04F443448} MicroStaff WINASPI --> C:\MWASPI\uninst.exe Mobile Phone Suite Easy Synchronization --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC134D03-97F1-45B9-B32A-52E885AFA895}\setup.exe" -l0x9 MOV Converter 1.01 --> "D:\Program Files\Boilsoft MOV Converter\unins000.exe" Mozilla Firefox (2.0.0.6) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44} Multisim 8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98E28570-B754-40B0-8B14-E242CB879EC5}\SETUP.exe" -l0x9 -removeonly Namco Museum 50th Anniversary --> MsiExec.exe /X{2FCAB582-E6F9-45AF-988D-869015108473} Native Instruments Traktor DJ Studio v3.0.2.098 --> D:\PROGRA~1\TRAKTOR\TRAKTO~1\UNWISE.EXE D:\PROGRA~1\TRAKTOR\TRAKTO~1\INSTALL.LOG Nero 6 Ultra Edition --> D:\Program Files\NERO\nero\uninstall\UNNERO.exe /UNINSTALL NetLimiter 1.30 (remove only) --> "D:\Program Files\NetLimiter\nluninst.exe" Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1} Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng_web.exe /LANG="2057" Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2} Nokia Software Updater --> MsiExec.exe /X{6048DBA0-30EF-4DED-8818-B5E4C7418A89} Nvu 1.0 --> "D:\Program Files\Nvu\unins000.exe" Paint.NET v3.0 --> MsiExec.exe /X{816A0870-6EC0-4DFF-B97C-E2CF820D7D6C} PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E} PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PeerGuardian 2.0 --> "D:\Program Files\PeerGuardian2\unins000.exe" Picasa 2 --> "D:\Program Files\Picasa2\Uninstall.exe" PowerISO --> "D:\Program Files\PowerISO\uninstall.exe" PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} PunkBuster for Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{127B684B-A002-44C8-99A7-6CF8F1E26873}\setup.exe" -l0x9 QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly Room Arranger (remove only) --> "D:\Program Files\Room Arranger\uninstall.exe" ScummVM 0.9.1 --> "D:\Program Files\ScummVM\unins000.exe" Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Sid Meier's Railroads! --> C:\Program Files\InstallShield Installation Information\{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}\setup.exe -runfromtemp -l0x0009 -removeonly SiSoftware Sandra Lite 2005 (Win64/32/CE) --> "D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\unins000.exe" Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe" Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} Sony Photo Manager --> MsiExec.exe /I{CBCF7AA4-9ADB-468A-AAF5-AE6B62DD9103} Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL SpeedFan (remove only) --> "D:\Program Files\SpeedFan\uninstall.exe" Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" TeamSpeak 2 RC2 --> "D:\Program Files\Teamspeak2_RC2\unins001.exe" Test Drive Unlimited --> MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0} TG Editor --> F:\Pelit\TRANSP~1\peli\\UNWISE.EXE F:\Pelit\TRANSP~1\peli\\INSTALL.LOG Time Adjuster v2.9 (STANDARD) --> D:\Program Files\Sub Adjust\TimeAdjuster\uninstall.exe TrackMania United DVD Patch 2006-12-15 --> "D:\Pelit\Trackmania\TrackMania United\unins000.exe" Transport Giant GOLD --> MsiExec.exe /I{A248972D-94ED-43EB-9BEF-284C9921FE2B} VIA Integrated Setup Wizard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9497EBAA-87AD-41E6-8ED6-E1E52995A76C} Winamp (remove only) --> "D:\Program Files\Winamp\UninstWA.exe" Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734} Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790} Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8} Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe WINXP SP2 TCP Fix --> C:\PROGRA~1\WINXPS~1\UNWISE.EXE C:\PROGRA~1\WINXPS~1\INSTALL.LOG Virtual DJ - Atomix Productions --> D:\PROGRA~1\VIRTUA~1\UNWISE.EXE D:\PROGRA~1\VIRTUA~1\INSTALL.LOG XML Paper Specification Shared Components Pack 1.0 --> XviD MPEG-4 Video Codec --> "D:\Program Files\XviD\unins000.exe" -- End of Deckard's System Scanner: finished at 2007-08-02 at 16:36:37 --------- Deckard's System Scanner v20070729.57 Run by M i k a on 2007-08-02 at 16:32:31 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 12: 2007-08-02 13:32:39 UTC - RP842 - Deckard's System Scanner Restore Point 11: 2007-08-02 12:14:49 UTC - RP841 - System Checkpoint 10: 2007-08-01 11:48:21 UTC - RP840 - Software Distribution Service 3.0 9: 2007-07-31 13:22:53 UTC - RP839 - Software Distribution Service 3.0 8: 2007-07-31 12:48:00 UTC - RP838 - Removed Tom Clancy's Ghost Recon Advanced Warfighter® 2 -- First Restore Point -- 1: 2007-07-26 08:00:05 UTC - RP831 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as M i k a.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:34:58, on 2.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE D:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE C:\Program Files\Tanagra\Memeo\MemeoService.exe D:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE D:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Program Files\Logitech\Easy Synchronization\servicestub.exe D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe C:\Program Files\ABIT\ABIT uGuru\uGuru.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe D:\Program Files\Logitech\SetPoint\SetPoint.exe D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe D:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe D:\Program Files\F-Secure Internet Security\FSPC\fspc.exe D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe D:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe C:\Documents and Settings\M i k a\Desktop\dss.exe D:\PROGRA~1\TRENDM~1\HIJACK~1\M i k a.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>;*.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: F-Secure 2006.lnk = D:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: &Block this popup - D:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - D:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing) O23 - Service: fsbwsys - F-Secure Corp. - D:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - -C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing) O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe O23 - Service: Machine Debug Manager (MDM) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (file missing) O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - -"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing) O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - -"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" (file missing) O23 - Service: Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing) -- End of file - 10692 bytes -- HijackThis Fixed Entries (D:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20070731-151927-783 O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm backup-20070731-151927-178 O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm backup-20070731-151927-930 O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm backup-20070731-151927-752 O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML backup-20070731-151927-705 O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab backup-20070731-151928-735 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL backup-20070731-152010-579 O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi backup-20070731-152100-717 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi backup-20070731-152116-100 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sonera Internet backup-20070801-091404-706 O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) backup-20070801-091404-748 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) backup-20070801-091404-528 O23 - Service: ServiceLayer - Unknown owner - -"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" (file missing) -- File Associations ----------------------------------------------------------- .txt - TXT_File - DefaultIcon - unable to read value .txt - TXT_File - shell\open\command - notepad.exe %1 -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield> R0 giveio - c:\windows\system32\giveio.sys R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System> R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System> R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System> R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System> R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System> R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System> R0 uGuru - c:\windows\system32\drivers\uguru.sys <Not Verified; ABIT Computer Corporation; uGuru V2.0 device driver> R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product> R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System> R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools> R2 F-Secure Filter (F-Secure File System Filter) - d:\program files\f-secure internet security\anti-virus\win2k\fsfilter.sys R2 F-Secure Gatekeeper - d:\program files\f-secure internet security\anti-virus\win2k\fsgk.sys R2 F-Secure Recognizer (F-Secure File System Recognizer) - d:\program files\f-secure internet security\anti-virus\win2k\fsrec.sys R2 IOPort - c:\windows\system32\drivers\ioport.sys <Not Verified; Erik Salaj; IOPort> R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint> R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT> R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD> R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> R3 vsbus (Virtual Serial Bus Enumerator) - c:\windows\system32\drivers\vsb.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Bus> S1 atitray - -\??\c:\program files\radeon omega drivers\v3.8.291\ati tray tools\atitray.sys (file missing) S3 btaudio (Bluetooth-äänilaite) - c:\windows\system32\drivers\btaudio.sys (file missing) S3 BTDriver (Bluetooth-näennäistietoliikenneohjain) - c:\windows\system32\drivers\btport.sys (file missing) S3 btwhid - c:\windows\system32\drivers\btwhid.sys (file missing) S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing) S3 cdrmkaun - c:\docume~1\mika~1\locals~1\temp\cdrmkaun.sys (file missing) S3 DFUBTUSB (WIDCOMM USB Bluetooth Driver in DFU State) - c:\windows\system32\drivers\frmupgr.sys (file missing) S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing) S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip> S3 LHidUsbK (SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys <Not Verified; Logitech Inc.; Logitech SetPoint> S3 Memctl - -\??\c:\program files\abit\abit uguru\memctl.sys (file missing) S3 sdcplh - c:\windows\system32\drivers\sdcplh.sys <Not Verified; ; SDCPLH> S3 TFBULK (Topfield USB client driver) - c:\windows\system32\drivers\tfbulk.sys <Not Verified; Topfield Co., Ltd.; > S3 Via4in1 - c:\docume~1\mika~1\locals~1\temp\pft3~tmp\via4in1.sys (file missing) S3 Winflash - -\??\c:\program files\abit\abit uguru\winflash.sys (file missing) S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:\windows\system32\drivers\vserial.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Ports> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 BackWeb Plug-in - 4476822 (F-Secure 2006) - d:\progra~1\f-secu~1\backweb\4476822\program\servic~1.exe <Not Verified; F-Secure Internet Security 2005; RunnerEXE Application> R2 BMUService (Memeo) - "c:\program files\tanagra\memeo\memeoservice.exe" <Not Verified; Tanagra, Inc.; Memeo> R2 fsbwsys - "d:\program files\f-secure internet security\backweb\4476822\program\fsbwsys.exe" <Not Verified; F-Secure Corp.; F-Secure BackWeb> R2 F-Secure Gatekeeper Handler Starter (FSGKHS) - "d:\program files\f-secure internet security\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corporation; F-Secure Corp. Startup service> R2 FSMA - "d:\program files\f-secure internet security\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent> R2 Logitech Easy Synchronization - c:\program files\logitech\easy synchronization\servicestub.exe R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "d:\program files\f-secure internet security\fwes\program\fsdfwd.exe" <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield> R3 fshttps (F-Secure HTTP Server) - "d:\program files\f-secure internet security\fspc\fshttps\fshttps.exe" <Not Verified; F-Secure Corporation; F-Secure Parental Control> S2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - -"c:\program files\bonjour\mdnsresponder.exe" (file missing) S2 LBTServ (Logitech Bluetooth Service) - -c:\program files\common files\logitech\bluetooth\lbtserv.exe (file missing) S2 MDM (Machine Debug Manager) - -"c:\program files\common files\microsoft shared\vs7debug\mdm.exe" (file missing) S2 MSSQL$SQLEXPRESS (SQL Server (SQLEXPRESS)) - -"c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -ssqlexpress (file missing) S3 FLEXnet Licensing Service - -"c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" (file missing) S3 gusvc (Google Updater Service) - -"c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing) S3 ose (Office Source Engine) - -"c:\program files\common files\microsoft shared\source engine\ose.exe" (file missing) S3 SQLWriter (SQL Server VSS Writer) - -"c:\program files\microsoft sql server\90\shared\sqlwriter.exe" (file missing) S3 usnjsvc (Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu) - -"c:\program files\msn messenger\usnsvc.exe" (file missing) S3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - -"c:\program files\windows media player\wmpnetwk.exe" (file missing) S4 MSSQLServerADHelper (SQL Server Active Directory Helper) - -"c:\program files\microsoft sql server\90\shared\sqladhlp90.exe" (file missing) S4 ServiceLayer - -"c:\program files\pc connectivity solution\servicelayer.exe" (file missing) S4 SQLBrowser (SQL Server Browser) - -"c:\program files\microsoft sql server\90\shared\sqlbrowser.exe" (file missing) -- Scheduled Tasks ------------------------------------------------------------- 2007-08-02 13:13:55 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job 2007-08-02 13:12:03 544 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job 2007-07-27 17:15:00 394 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job -- Files created between 2007-07-02 and 2007-08-02 ----------------------------- 2007-08-01 20:10:02 0 dr-h----- C:\Documents and Settings\M i k a\Recent 2007-08-01 09:22:45 0 d-------- C:\Kaspersky 2007-07-08 19:33:58 0 d-------- C:\WINDOWS\system32\AGEIA 2007-07-08 19:33:58 0 d-------- C:\Program Files\AGEIA Technologies -- Find3M Report --------------------------------------------------------------- 2007-08-01 10:43:29 0 d-------- C:\Documents and Settings\M i k a\Application Data\uTorrent 2007-07-31 15:48:00 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-07-09 11:37:01 0 d-------- C:\Documents and Settings\M i k a\Application Data\My Games 2007-07-08 19:33:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-07-05 19:37:29 0 d-------- C:\Program Files\Common Files\Logitech 2007-06-17 10:08:27 0 d-------- C:\Program Files\DaemonTools_WhenUSave_Installer 2007-06-07 15:05:26 1187840 --a------ C:\WINDOWS\system32\winsflt.dll 2007-06-06 13:42:03 0 d-------- C:\Documents and Settings\M i k a\Application Data\Lavasoft 2007-06-06 13:41:49 0 d-------- C:\Program Files\Windows Defender 2007-05-09 15:14:36 1011 --a------ C:\WINDOWS\eReg.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 10:56 C:\WINDOWS\system32\bthprops.cpl] "Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [05.10.2005 12:00] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [10.05.2006 11:12] "ABIT uGuru"="C:\Program Files\ABIT\ABIT uGuru\uGuru.exe" [13.09.2004 14:37] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [23.01.2007 15:44 C:\WINDOWS\KHALMNPR.Exe] "F-Secure Manager"="D:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [26.10.2005 04:51] "F-Secure TNB"="D:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" [18.07.2005 17:51] "F-Secure Startup Wizard"="D:\Program Files\F-Secure Internet Security\FSGUI\FSSW.exe" [18.10.2005 11:29] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [23.01.2007 15:44 C:\WINDOWS\KHALMNPR.Exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 10:56] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19.01.2007 13:55] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "Easy Synchronization"=C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ F-Secure 2006.lnk - D:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe [24.12.2006 22:36:34] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [9.4.2007 20:00:04] Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [5.7.2007 19:37:25] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [05.10.2005 12:00 69632] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 30.01.2007 02:15 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\Laajakaista.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] AutoRun\command- G:\Autorun.exe -- End of Deckard's System Scanner: finished at 2007-08-02 at 16:36:37 ---------
kyllä pätkii. ip osoite, subnet address, default gateway muuttuu kaikki muotoon 0.0.0.0 Tämä siis välillä kerran pari päivässä , välillä taas vartin välein. Kun pitäis olla 10.0.03 tai 255.255.255.0 jne... kun cmd:n kautta ipconfig/release ja ipconfig/renew tulee virhe ilmoitus mutta netti kuitenkin alkaa toimia.
