Is my computer clean?

Discussion in 'Viruses and malware - HijackThis logs' started by p2pman, Jul 12, 2007.

  1. p2pman

    Logfile of HijackThis v1.99.1
    Scan saved at 23:06:39, on 12.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
    C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\SiteAdvisor\6066\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tietoturvapalvelu\Common\FCH32.EXE
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe
    C:\PROGRA~1\TIETOT~1\ANTI-S~1\fsaw.exe
    C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\Työkalut & Ohjelmat\iTunes\iTunesHelper.exe
    C:\Program Files\Tietoturvapalvelu\FSGUI\fsguidll.exe
    D:\Työkalut & Ohjelmat\nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Työkalut & Ohjelmat\Tor\Vidalia\vidalia.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\Työkalut & Ohjelmat\Eraser\Eraser\eraser.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
    D:\Työkalut & Ohjelmat\Tor\Tor\tor.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    D:\Työkalut & Ohjelmat\Tor\Privoxy\privoxy.exe
    C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe
    C:\hjt\scanner.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/intl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Työkalut & Ohjelmat\BitComet 0.88\tools\BitCometBHO_1.1.5.19.dll
    O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
    O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\kyhhdhlu.dll",realset
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Työkalut & Ohjelmat\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Työkalut & Ohjelmat\nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Vidalia] "D:\Työkalut & Ohjelmat\Tor\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Eraser] D:\Työkalut & Ohjelmat\Eraser\Eraser\eraser.exe -hide
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PeerGuardian] D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [WinSnap] D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Privoxy.lnk = ?
    O4 - Global Startup: Tietoturvapalvelu.lnk = C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
    O8 - Extra context menu item: Download all links using BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
    O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
    O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
    O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
    O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
    O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168774122109
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Tietoturvapalvelu (BackWeb Plug-in - 227364) - BackWeb Technologies Inc. - C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe" -s "C:\Program Files\Freenet\wrapper.conf (file missing)
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
     
    Last edited: Jul 12, 2007
  2. Hujo


    First, download LSPfix.exe http://www.cexx.org/lspfix.htm
    to a suitable location (such as C:\Program Files\LSPFix or even the desktop). Do NOT run this program yet. It should be used ONLY if the internet connection is lost after removing NewDotNet.

    Removing NewDotNet: go to

    Start > Control Panel > Add/Remove Programs and remove the following if it is shown:

    New.Net Applications or New.Net Domains (anything that says New.Net)

    If New.Net is not listed in Add/Remove Programs, do the following.

    Make sure your anti-virus and anti-spyware programs are closed during the removal.

    They may block the removal of New.Net.

    Download NNuninstall.exe: http://www.new.net/support/NNuninstall.exe


    • Save it to your desktop.
    • Double-click the NNuninstall.exe file.
    • The program asks whether you want to remove all New.Net names and components.
    • Click Yes.
    • After the removal, click OK.
    • Restart the computer ("Yes - Restart now") unless something else was left unfinished; if it was, leave the computer on ("No - I will restart later").


    If the removal fails and the anti-virus program(s) block the uninstaller from running, completely or
    partially, do this: Unplug the computer's network or modem cable so that it has
    no connection to the internet. Then close the anti-virus program(s) and run
    NNuninstall.exe. After that, turn the anti-virus program(s) back on and
    only then plug the network or modem cable back into the computer.

    Empty the Recycle Bin.

    IF you lose your internet connection after removing New.Net, double-click the LSPFix.exe you downloaded earlier. Tick the "I know what I'm doing" option. You will see two panes; if something is listed in the "Remove" pane on the right-hand side, leave it as it is and click "Finish>>". Next, restart, and the internet should work fine. If nothing is listed in the "Remove" pane, do NOT do ANYTHING - close LSPFix. Come back from another computer to get more advice. (This is only a precaution; most of the time the internet connection stays perfectly fine.)

    ================

    Download VundoFix.exe to your desktop.

    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    When the scan is finished, click the Remove Vundo button.
    You will be asked whether you want to remove the files - click YES.
    Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    When it is finished, the fix will tell you it is going to restart your computer; click OK.
    Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.

    Note: It is possible that VundoFix found a file it could not remove.
    In that case, VundoFix will run itself at reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

    =================

    Instructions for using AVG Anti-Spyware 7.5
    Note! These instructions turn off the real-time protection (Shield). This avoids situations where the protection would interfere with, for example, the HijackThis tool.

    Save these instructions to a text file or print them; otherwise you will not be able to get to them in safe mode.

    Download AVG Anti-Spyware 7.5
    and save the program to your desktop.
    o Once you have downloaded the program, double-click the installer's icon on your desktop, and the installation starts.
    o After the installation, the program must be started and its definitions updated.
    o Start AVG Anti-Spyware.
    o Click the "Update" icon in the main menu. Then click the "Update now" button.

    o Then click the "Start Update" icon, and the update begins.

    o Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    o When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".

    o Then, under the "Reports" menu:
    o Tick "Automatically generate report after every scan"
    o Untick "Only if threats were found"

    o Then click the "Shield" icon at the top of the window
    o "Resident shield is": change the state from active to inactive
    o Close the program; do NOT scan yet.

    Start your computer in safe mode:
    shut down and start up
    during startup, tap F8 repeatedly
    select safe mode with the arrow keys
    press Enter and Enter

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    o Once in safe mode, start AVG Anti-Spyware.
    o Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    o Ewido now starts scanning the computer; be patient, as the scan takes time.

    When the scan is finished:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    o Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
    o You will be asked what to do if infections were found; choose "Apply all actions"
    o Then click the "Reports" icon at the top of the program.
    o Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    o Close the program, start the computer normally and post the AVG report to your thread.
     
  3. p2pman

    Here is the VundoFix report: (I have had VundoFix on the computer before, too, as you can see)

    VundoFix V6.1.5

    Checking Java version...

    Java version is 1.5.0.8

    Scan started at 18:06:27 23.3.2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.1.5

    Checking Java version...

    Java version is 1.5.0.8

    Scan started at 22:48:11 5.5.2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.3.23

    Checking Java version...

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 19:17:10 20.5.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\cqdtieha.dll
    C:\WINDOWS\system32\gvkeupuk.dll
    C:\WINDOWS\system32\kyhhdhlu.dll
    C:\WINDOWS\system32\oxxhvclx.dll
    C:\WINDOWS\system32\pyheqepy.dll
    C:\WINDOWS\system32\ulhdhhyk.ini
    C:\WINDOWS\system32\umxsxied.dll

    Beginning removal...

    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 11:29:00 13.7.2007

    Listing files found while scanning....

    C:\windows\system32\cqdtieha.dll
    C:\windows\system32\gvkeupuk.dll
    C:\WINDOWS\system32\kyhhdhlu.dll
    C:\windows\system32\oxxhvclx.dll
    C:\windows\system32\pyheqepy.dll
    C:\windows\system32\ulhdhhyk.ini
    C:\windows\system32\umxsxied.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\cqdtieha.dll
    C:\windows\system32\cqdtieha.dll Has been deleted!

    Attempting to delete C:\windows\system32\gvkeupuk.dll
    C:\windows\system32\gvkeupuk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kyhhdhlu.dll
    C:\WINDOWS\system32\kyhhdhlu.dll Has been deleted!

    Attempting to delete C:\windows\system32\oxxhvclx.dll
    C:\windows\system32\oxxhvclx.dll Has been deleted!

    Attempting to delete C:\windows\system32\pyheqepy.dll
    C:\windows\system32\pyheqepy.dll Has been deleted!

    Attempting to delete C:\windows\system32\ulhdhhyk.ini
    C:\windows\system32\ulhdhhyk.ini Has been deleted!

    Attempting to delete C:\windows\system32\umxsxied.dll
    C:\windows\system32\umxsxied.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:08:04, on 15.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\hjt\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/intl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Työkalut & Ohjelmat\BitComet 0.88\tools\BitCometBHO_1.1.5.19.dll
    O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Työkalut & Ohjelmat\nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Työkalut & Ohjelmat\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [WinSnap] D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe /startup
    O4 - HKCU\..\Run: [Vidalia] "D:\Työkalut & Ohjelmat\Tor\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PeerGuardian] D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [Eraser] D:\Työkalut & Ohjelmat\Eraser\Eraser\eraser.exe -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Privoxy.lnk = ?
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
    O8 - Extra context menu item: Download all links using BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
    O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
    O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
    O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
    O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
    O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168774122109
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Tietoturvapalvelu (BackWeb Plug-in - 227364) - BackWeb Technologies Inc. - C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe (file missing)
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

    --
    End of file - 10640 bytes



    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 0:04:11 15.7.2007

    + Scan result:



    C:\System Volume Information\_restore{13008B8B-28EC-4A95-8016-FDFC43DCF295}\RP0\A0000004.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{13008B8B-28EC-4A95-8016-FDFC43DCF295}\RP0\A0000005.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{13008B8B-28EC-4A95-8016-FDFC43DCF295}\RP0\A0000003.exe -> Hijacker.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{13008B8B-28EC-4A95-8016-FDFC43DCF295}\RP0\A0000006.exe -> Not-A-Virus.Hacktool.EvID : Cleaned with backup (quarantined).
    D:\System Volume Information\_restore{13008B8B-28EC-4A95-8016-FDFC43DCF295}\RP0\A0000007.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned with backup (quarantined).


    ::Report end
     
    Last edited: Jul 14, 2007
  4. Hujo

    Hujo Guest

    Updating Java and clearing its cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]

    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6u2

    Press Download

    Tick Accept, choose the offline installation, save it to the desktop, for example, and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after reducing the setting, move the slider to a larger value.)

    8. Make sure that both options are ticked:

    *Applications and Applets

    *Trace and Log Files

    And press the OK button

    9. Click OK in your "Temporary Files Settings" window.

    10. Click OK to leave your Java settings window.

    ========================

    Download from here: http://www.ccleaner.com/download/builds.aspx
    CCleaner v1.34.407 - Basic, DO NOT install the Yahoo toolbar!

    Set the options like this:
    Options --> Advanced --> Untick "Only delete temporary files older than 48 hours".

    Run Cleaner > Analyze button > Run Cleaner button, bottom right corner
    Run Issues > "Scan for registry issues" button > "Fix registry issues" button

    =================

    1. Click Start > right-click My Computer
    2. Choose Properties
    3. Select the System Restore tab
    4. Tick ¤ Turn off System Restore on all drives
    5. Press Apply
    6. Press OK
    7. Shut down and restart
    8. Untick ¤ Turn off System Restore on all drives
    9. Apply and OK
     
  5. Auttaja

    Auttaja Guest

    Open Add/Remove Programs in the Control Panel and remove Dealio if it is there, and also this folder: C:\Program Files\Dealio

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/intl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll

    ==========

    Download Deckard's System Scanner to your Desktop.

    Note: You must have Administrator rights to run the program.

    * Close all open windows and programs.
    * Double-click the Dss.exe file to run the program, and follow the instructions.
    * When the scan is finished, 2 text files should open, Main.txt and extra.txt
    * Copy ( CTRL+A -> CTRL + C ) and paste ( CTRL + V )
    * Copy and paste the contents of Extra.txt & Main.txt into your next reply.
     
  6. p2pman

    p2pman Regular member

    main.txt:


    Deckard's System Scanner v20070711.54
    Run by ghjf on 2007-07-17 at 12:29:57
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 3 Restore Point(s) --
    3: 2007-07-17 09:30:00 UTC - RP3 - Deckard's System Scanner Restore Point
    2: 2007-07-17 09:26:27 UTC - RP2 - Removed Dealio Toolbar
    1: 2007-07-17 09:23:43 UTC - RP1 - Järjestelmän tarkistuspiste


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as ghjf.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:31:21, on 17.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
    C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Tietoturvapalvelu\Common\FSMB32.EXE
    C:\Program Files\SiteAdvisor\6066\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tietoturvapalvelu\Common\FCH32.EXE
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\Työkalut & Ohjelmat\nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe
    D:\Työkalut & Ohjelmat\iTunes\iTunesHelper.exe
    C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\PROGRA~1\TIETOT~1\ANTI-S~1\fsaw.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe
    D:\Työkalut & Ohjelmat\Tor\Vidalia\vidalia.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Tietoturvapalvelu\FSGUI\fsguidll.exe
    D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
    D:\Työkalut & Ohjelmat\Eraser\Eraser\eraser.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    D:\Työkalut & Ohjelmat\Tor\Tor\tor.exe
    D:\Työkalut & Ohjelmat\Tor\Privoxy\privoxy.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe
    C:\Documents and Settings\ghjf\Desktop\dss.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\hjt\ghjf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/intl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Työkalut & Ohjelmat\BitComet 0.88\tools\BitCometBHO_1.1.5.19.dll
    O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Työkalut & Ohjelmat\nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Työkalut & Ohjelmat\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [WinSnap] D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe /startup
    O4 - HKCU\..\Run: [Vidalia] "D:\Työkalut & Ohjelmat\Tor\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PeerGuardian] D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [Eraser] D:\Työkalut & Ohjelmat\Eraser\Eraser\eraser.exe -hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Privoxy.lnk = ?
    O4 - Global Startup: Tietoturvapalvelu.lnk = C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Download all links using BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
    O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
    O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
    O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
    O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
    O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168774122109
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Tietoturvapalvelu (BackWeb Plug-in - 227364) - BackWeb Technologies Inc. - C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe (file missing)
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

    --
    End of file - 13395 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
    R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R1 hmonitor - c:\windows\system32\drivers\hmonitor.sys
    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R1 truecrypt - c:\windows\system32\drivers\truecrypt.sys <Not Verified; TrueCrypt Foundation; TrueCrypt>
    R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\tietoturvapalvelu\anti-virus\win2k\fsfilter.sys
    R2 F-Secure Gatekeeper - c:\program files\tietoturvapalvelu\anti-virus\win2k\fsgk.sys
    R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\tietoturvapalvelu\anti-virus\win2k\fsrec.sys
    R3 Maplom - c:\windows\system32\drivers\maplom.sys <Not Verified; SlySoft Inc.; Game Jackal>
    R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    R3 pgfilter - d:\työkalut & ohjelmat\peerguardian2\pgfilter.sys

    S3 GMSIPCI - e:\install\gmsipci.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 BackWeb Plug-in - 227364 (Tietoturvapalvelu) - c:\progra~1\tietot~1\backweb\227364\program\servic~1.exe <Not Verified; BackWeb Technologies Inc.; RunnerEXE Application>
    R2 fsbwsys - "c:\program files\tietoturvapalvelu\backweb\227364\program\fsbwsys.exe" <Not Verified; F-Secure Corp.; F-Secure BackWeb>
    R2 F-Secure Gatekeeper Handler Starter (FSGKHS) - "c:\program files\tietoturvapalvelu\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corp.; F-Secure Corp. Startup service>
    R2 FSMA (F-Secure Management Agent) - "c:\program files\tietoturvapalvelu\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
    R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\program files\tietoturvapalvelu\fwes\program\fsdfwd.exe" <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
    R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

    S2 freenet-darknet-8888 (Freenet 0.7 darknet-8888) - "c:\program files\freenet\bin\wrapper-windows-x86-32.exe" -s "c:\program files\freenet\wrapper.conf" (file missing)
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


    -- Scheduled Tasks -------------------------------------------------------------

    2007-07-17 10:45:40 568 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job
    2007-07-14 18:48:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-06-17 and 2007-07-17 -----------------------------

    2007-07-17 12:20:12 0 dr-h----- C:\Documents and Settings\ghjf\Recent
    2007-07-15 11:37:37 0 d-------- C:\Program Files\Common Files\Java
    2007-07-14 13:14:28 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2007-07-14 13:14:28 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
    2007-07-14 13:14:28 217088 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
    2007-07-14 13:14:28 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
    2007-07-14 13:14:27 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-07-14 13:14:27 593920 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-07-14 13:14:27 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
    2007-07-14 13:14:27 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
    2007-07-14 13:14:26 740442 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-14 13:14:25 0 d-------- C:\Documents and Settings\ghjf\Application Data\Real
    2007-07-14 13:14:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
    2007-07-13 20:46:05 32256 --a------ C:\WINDOWS\system32\drivers\maplom.sys <Not Verified; SlySoft Inc.; Game Jackal>
    2007-07-13 16:34:57 0 d-------- C:\WINDOWS\UbiSoft
    2007-07-13 12:37:08 0 d-------- C:\WINDOWS\pss
    2007-07-13 11:42:10 0 d-------- C:\Documents and Settings\ghjf\Application Data\Grisoft
    2007-07-13 11:41:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-07-12 23:47:21 0 d-------- C:\Documents and Settings\ghjf\Application Data\Media Player Classic
    2007-07-11 22:26:07 0 dr-h----- C:\Documents and Settings\LocalService\Recent
    2007-07-10 18:49:12 0 d-------- C:\WINDOWS\network diagnostic
    2007-07-09 19:33:00 1356 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    2007-07-09 15:11:19 164962 --a------ C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
    2007-07-09 15:11:18 0 d-------- C:\Program Files\Common Files\River Past
    2007-07-09 15:11:18 0 d-------- C:\Documents and Settings\ghjf\Application Data\River Past G5
    2007-07-09 15:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
    2007-07-09 14:17:27 0 d--h----- C:\Program Files\System32
    2007-07-07 13:23:10 0 d-------- C:\hjt
    2007-07-07 02:10:00 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-07-06 14:05:41 0 d-------- C:\Docum
    2007-07-06 13:01:34 2013 -r-h----- C:\WINDOWS\system32\drivers\hosts
    2007-07-05 23:36:08 0 d-------- C:\Program Files\vso
    2007-07-05 23:36:07 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
    2007-07-05 23:36:07 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
    2007-07-05 23:36:07 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
    2007-07-05 22:03:54 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
    2007-07-05 19:48:45 0 d-------- C:\Documents and Settings\ghjf\Application Data\dvdcss
    2007-07-03 17:44:13 0 d-------- C:\Program Files\NCH Swift Sound
    2007-07-03 17:31:24 0 d-------- C:\Documents and Settings\ghjf\Application Data\Nokia Multimedia Player
    2007-07-03 03:29:26 0 d-------- C:\Program Files\Common Files\PCSuite
    2007-07-03 03:29:25 0 d-------- C:\Program Files\Common Files\Nokia
    2007-07-03 03:19:30 0 d-------- C:\Documents and Settings\ghjf\Phone Browser
    2007-07-03 03:15:56 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
    2007-07-03 03:15:47 0 d-------- C:\Documents and Settings\ghjf\Application Data\Nokia
    2007-07-03 03:15:19 0 d-------- C:\Program Files\DIFX
    2007-07-03 03:15:17 0 d-------- C:\Documents and Settings\ghjf\Application Data\PC Suite
    2007-07-03 03:15:08 0 d-------- C:\Program Files\PC Connectivity Solution
    2007-07-03 03:14:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2007-07-02 14:22:56 0 d-------- C:\Documents and Settings\ghjf\Application Data\FoxieSpywareSwiftSweeper
    2007-07-02 14:22:01 0 d-------- C:\Program Files\Foxie Suite
    2007-07-01 04:20:13 0 d-------- C:\Documents and Settings\ghjf\Application Data\Ahead
    2007-07-01 04:19:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2007-07-01 04:18:11 0 d-------- C:\Program Files\Nero
    2007-07-01 04:18:11 0 d-------- C:\Program Files\Common Files\Ahead
    2007-07-01 04:18:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2007-06-30 22:57:41 0 d-------- C:\Program Files\iPod
    2007-06-30 22:56:38 0 d-------- C:\Program Files\QuickTime
    2007-06-30 22:55:39 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-06-30 22:55:13 0 d-------- C:\Program Files\Common Files\Apple
    2007-06-30 22:55:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-06-25 23:34:05 0 d-------- C:\Documents and Settings\ghjf\Application Data\InstallShield
    2007-06-25 12:01:49 49152 --a------ C:\WINDOWS\system32\apache.dll
    2007-06-24 17:22:41 0 dr-h----- C:\Documents and Settings\ghjf\Application Data\SecuROM
    2007-06-24 17:22:39 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
    2007-06-21 11:42:32 7188 --a------ C:\WINDOWS\system32\drivers\Hmonitor.sys


    -- Find3M Report ---------------------------------------------------------------

    2007-07-17 12:31:57 0 d-------- C:\Documents and Settings\ghjf\Application Data\Vidalia
    2007-07-17 12:31:55 0 d-------- C:\Documents and Settings\ghjf\Application Data\tor
    2007-07-17 12:22:54 0 d-------- C:\Documents and Settings\ghjf\Application Data\OpenOffice.org2
    2007-07-15 11:37:56 0 d-------- C:\Program Files\Java
    2007-07-13 23:14:36 0 d-------- C:\Documents and Settings\ghjf\Application Data\Vso
    2007-07-13 21:03:09 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-12 22:31:03 0 d-------- C:\Documents and Settings\ghjf\Application Data\BSplayer Pro
    2007-07-10 22:35:10 0 d-------- C:\Documents and Settings\ghjf\Application Data\LimeWire
    2007-07-07 04:49:37 60452 --a------ C:\Documents and Settings\ghjf\Application Data\DVDSubEditLastFile.txt
    2007-07-07 04:49:17 798 --a------ C:\Documents and Settings\ghjf\Application Data\DVDSubEdit.ini
    2007-07-07 02:56:07 0 d-------- C:\Documents and Settings\ghjf\Application Data\PgcEdit
    2007-07-05 21:06:50 0 d-------- C:\Program Files\Messenger
    2007-07-05 20:47:30 34 --a------ C:\Documents and Settings\ghjf\Application Data\pcouffin.log
    2007-07-05 20:47:19 47360 --a------ C:\Documents and Settings\ghjf\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2007-07-05 20:47:19 1144 --a------ C:\Documents and Settings\ghjf\Application Data\pcouffin.inf
    2007-07-05 20:47:19 7887 --a------ C:\Documents and Settings\ghjf\Application Data\pcouffin.cat
    2007-07-04 12:14:43 76761 --a------ C:\Documents and Settings\ghjf\Application Data\NMM-MetaData.db
    2007-07-01 13:12:05 0 d-------- C:\Documents and Settings\ghjf\Application Data\Apple Computer
    2007-07-01 04:09:49 0 d-------- C:\Program Files\Ahead
    2007-06-25 20:55:16 0 d-------- C:\Program Files\Gran Paradiso
    2007-06-11 16:28:03 0 d-------- C:\Documents and Settings\ghjf\Application Data\SopCast
    2007-06-09 06:14:10 564224 --a------ C:\WINDOWS\system32\x264vfw.dll
    2007-06-08 21:50:32 0 d-------- C:\Documents and Settings\ghjf\Application Data\uTorrent
    2007-05-30 14:33:32 0 d-------- C:\Documents and Settings\ghjf\Application Data\vlc
    2007-05-27 17:58:24 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
    2007-05-25 22:56:05 0 d-------- C:\Documents and Settings\ghjf\Application Data\AccurateRip
    2007-05-25 22:55:21 13010 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2007-05-17 01:13:38 3922 --a------ C:\WINDOWS\system32\tmp.reg
    2007-05-05 22:54:03 386388 ---hs---- C:\WINDOWS\system32\mlkkj.ini2
    2007-05-04 22:04:22 607759 ---hs---- C:\WINDOWS\system32\mlkkj.bak1
    2007-05-04 22:03:39 610874 ---hs---- C:\WINDOWS\system32\mlkkj.bak2
    2007-05-03 16:26:34 28 --a------ C:\WINDOWS\system32\autoscan0.dll
    2007-04-24 16:07:58 32 --a------ C:\WINDOWS\go
    2007-04-23 16:44:10 4 --a------ C:\WINDOWS\system32\micrs.dll
    2007-04-23 03:02:34 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-04-23 02:15:30 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 02:02:36 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-04-19 11:23:36 148992 --a------ C:\WINDOWS\system32\nsesetup.dll <Not Verified; Nokia; >


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {089FD14D-132B-48FC-8861-0048AE113215} C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
    {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} D:\Työkalut & Ohjelmat\BitComet 0.88\tools\BitCometBHO_1.1.5.19.dll [x]
    {432CAE3B-690F-4C3B-BD97-070EBDA210D5} C:\Program Files\Foxie Suite\foxietoolbaru.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
    {C65185B1-D52B-44A9-861F-8201B50D1F37} C:\Program Files\Foxie Suite\foxiecoreu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
    "SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
    "SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "PCSuiteTrayApplication"="D:\\Työkalut & Ohjelmat\\nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
    "News Service"="\"C:\\Program Files\\Tietoturvapalvelu\\FSGUI\\ispnews.exe\""
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "iTunesHelper"="\"D:\\Työkalut & Ohjelmat\\iTunes\\iTunesHelper.exe\""
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe"
    "F-Secure TNB"="\"C:\\Program Files\\Tietoturvapalvelu\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "F-Secure Startup Wizard"="\"C:\\Program Files\\Tietoturvapalvelu\\FSGUI\\FSSW.EXE\" /reboot"
    "F-Secure Manager"="\"C:\\Program Files\\Tietoturvapalvelu\\Common\\FSM32.EXE\" /splash"
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "WinSnap"="D:\\Työkalut & Ohjelmat\\WinSnap\\WinSnap.exe /startup"
    "Vidalia"="\"D:\\Työkalut & Ohjelmat\\Tor\\Vidalia\\vidalia.exe\""
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "PeerGuardian"="D:\\Työkalut & Ohjelmat\\PeerGuardian2\\pg2.exe"
    "Eraser"="D:\\Työkalut & Ohjelmat\\Eraser\\Eraser\\eraser.exe -hide"
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "Nokia.PCSync"="D:\\Työkalut & Ohjelmat\\nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentDocsOnExit"=dword:00000001
    "NoDesktop"=dword:00000000
    "NoActiveDesktop"=dword:00000000
    "HideClock"=dword:00000000
    "NoManageMyComputerVerb"=dword:00000000
    "NoLowDiskSpaceChecks"=dword:00000000
    "NoCDBurning"=dword:00000000
    "NoStartMenuPinnedList"=dword:00000000
    "NoStartMenuMFUprogramsList"=dword:00000000
    "NoUserNameInStartMenu"=dword:00000000
    "StartmenuLogoff"=dword:00000000
    "NoStartMenuSubFolders"=dword:00000000
    "NoCommonGroups"=dword:00000000
    "NoRecentDocsMenu"=dword:000f4240
    "NoPrinterTabs"=dword:00000000
    "NoDeletePrinter"=dword:00000000
    "NoAddPrinter"=dword:00000000
    "NoPrinters"=dword:00000000
    "NoNetworkConnections"=dword:00000000
    "NoFavoritesMenu"=dword:00000000
    "NoRun"=dword:00000000
    "NoFind"=dword:00000000
    "NoClose"=dword:00000000
    "NoSetFolders"=dword:00000000
    "NoSMHelp"=dword:00000000
    "NoChangeStartMenu"=dword:00000000
    "NoViewContextMenu"=dword:00000000
    "NoFileMenu"=dword:00000000
    "NoShellSearchButton"=dword:00000000
    "NoToolbarCustomize"=dword:00000000
    "NoRecentDocsNetHood"=dword:00000000
    "NoChangeAnimation"=dword:00000000
    "NoChangeKeyboardNavigationIndicators"=dword:00000000
    "NoThemesTab"=dword:00000000
    "NoRecentDocsHistory"=hex:00,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{A782E194-EA97-4F2A-99C1-8EB42A0B519E}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PGFILTER


    -- Hosts -----------------------------------------------------------------------

    0.0.0.0 123spywar.com
    0.0.0.0 www.123spywar.com
    0.0.0.0 1clickspyclean.com
    0.0.0.0 www.1clickspyclean.com
    0.0.0.0 1clicksuite.net
    0.0.0.0 www.1clicksuite.net
    0.0.0.0 1spyware-removal.com
    0.0.0.0 www.1spyware-removal.com
    0.0.0.0 1spywarekiller.com
    0.0.0.0 www.1spywarekiller.com

    2819 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-07-17 at 12:32:17 ---------

     
  7. p2pman

    extra.txt:


    Deckard's System Scanner v20070711.54
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    CPU 1: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    Percentage of Memory in Use: 35%
    Physical Memory (total/avail): 2047.17 MiB / 1323.53 MiB
    Pagefile Memory (total/avail): 3943.04 MiB / 3315.23 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1952.95 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 48.83 GiB total, 22.4 GiB free.
    D: is Fixed (NTFS) - 249.25 GiB total, 121.75 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (No Media)


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    UpdatesDisableNotify is set.

    FW: Tietoturvapalvelu 6.01 v6.01 (F-Secure Corporation)
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled Outdated
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
    AV: Tietoturvapalvelu 6.01 v6.01 (F-Secure Corporation)
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Tietoturvapalvelu\\backweb\\227364\\Program\\fspex.exe"="C:\\Program Files\\Tietoturvapalvelu\\backweb\\227364\\Program\\fspex.exe:*:Enabled:Tietoturvapalvelu"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Tietoturvapalvelu\\backweb\\227364\\Program\\fspex.exe"="C:\\Program Files\\Tietoturvapalvelu\\backweb\\227364\\Program\\fspex.exe:*:Enabled:Tietoturvapalvelu"
    "D:\\Työkalut & Ohjelmat\\Bitcomet\\BitComet.exe"="D:\\Työkalut & Ohjelmat\\Bitcomet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "D:\\Työkalut & Ohjelmat\\Ares Galaxy\\Ares\\Ares.exe"="D:\\Työkalut & Ohjelmat\\Ares Galaxy\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
    "D:\\Työkalut & Ohjelmat\\eMule\\emule.exe"="D:\\Työkalut & Ohjelmat\\eMule\\emule.exe:*:Enabled:eMule"
    "D:\\Pelit\\Uusi kansio\\OUTLAWS\\OLWIN.EXE"="D:\\Pelit\\Uusi kansio\\OUTLAWS\\OLWIN.EXE:*:Enabled:OLWIN"
    "D:\\Työkalut & Ohjelmat\\eMulePlus\\eMulePlus\\eMulePlus.exe"="D:\\Työkalut & Ohjelmat\\eMulePlus\\eMulePlus\\eMulePlus.exe:*:Enabled:eMule Plus"
    "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "D:\\Pelit\\Warcraft III\\Warcraft III\\Warcraft III.exe"="D:\\Pelit\\Warcraft III\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "F:\\Warcraft III\\Warcraft III.exe"="F:\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "D:\\Työkalut & Ohjelmat\\RShare\\RShare.exe"="D:\\Työkalut & Ohjelmat\\RShare\\RShare.exe:*:Enabled:RShare"
    "D:\\Työkalut & Ohjelmat\\eMulePlus 1.2b\\eMule.exe"="D:\\Työkalut & Ohjelmat\\eMulePlus 1.2b\\eMule.exe:*:Enabled:eMule Plus"
    "C:\\Documents and Settings\\ghjf\\Desktop\\BitComet.exe"="C:\\Documents and Settings\\ghjf\\Desktop\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\\Documents and Settings\\ghjf\\Desktop\\Ares Galaxy.exe"="C:\\Documents and Settings\\ghjf\\Desktop\\Ares Galaxy.exe:*:Enabled:Ares p2p for windows"
    "D:\\Työkalut & Ohjelmat\\Ares Galaxy\\Ares\\Ares Galaxy.exe"="D:\\Työkalut & Ohjelmat\\Ares Galaxy\\Ares\\Ares Galaxy.exe:*:Enabled:Ares p2p for windows"
    "D:\\Työkalut & Ohjelmat\\eMulePlus 1.2b\\eMule Plus 1.2b.exe"="D:\\Työkalut & Ohjelmat\\eMulePlus 1.2b\\eMule Plus 1.2b.exe:*:Enabled:eMule Plus"
    "D:\\Työkalut & Ohjelmat\\BitComet 0.84\\BitComet\\BitComet.exe"="D:\\Työkalut & Ohjelmat\\BitComet 0.84\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "D:\\Pelit\\Wolfenstein - Enemy Territory\\ET.exe"="D:\\Pelit\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:Wolfenstein - Enemy Territory"
    "D:\\Työkalut & Ohjelmat\\Anonymizer\\common\\AnonProxy.exe"="D:\\Työkalut & Ohjelmat\\Anonymizer\\common\\AnonProxy.exe:*:Enabled:AnonProxy"
    "D:\\Työkalut & Ohjelmat\\CryptoTunnel\\CryptoTunnel.exe"="D:\\Työkalut & Ohjelmat\\CryptoTunnel\\CryptoTunnel.exe:*:Enabled:CryptoTunnel"
    "C:\\AdventNet\\DeviceExpert\\jre\\bin\\java.exe"="C:\\AdventNet\\DeviceExpert\\jre\\bin\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "D:\\Työkalut & Ohjelmat\\LimeWire 4.12.6\\LimeWire.exe"="D:\\Työkalut & Ohjelmat\\LimeWire 4.12.6\\LimeWire.exe:*:Enabled:LimeWire"
    "D:\\Työkalut & Ohjelmat\\LimeWire 4.12.11 PRO\\LimeWire.exe"="D:\\Työkalut & Ohjelmat\\LimeWire 4.12.11 PRO\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\java.exe"="C:\\Program Files\\Java\\jre1.5.0_10\\bin\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "D:\\Työkalut & Ohjelmat\\BitComet 0.86\\BitComet.exe"="D:\\Työkalut & Ohjelmat\\BitComet 0.86\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "D:\\Työkalut & Ohjelmat\\TVUPlayer\\TVUPlayer.exe"="D:\\Työkalut & Ohjelmat\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "D:\\Pelit\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"="D:\\Pelit\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe:*:Enabled:SoF2MP"
    "C:\\Documents and Settings\\ghjf\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\ghjf\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
    "D:\\Pelit\\Tom.Clancys.Rainbow.Six.Vegas.CLONEDvD9.MuLTi5-TXT\\Binaries\\R6Vegas_Game.exe"="D:\\Pelit\\Tom.Clancys.Rainbow.Six.Vegas.CLONEDvD9.MuLTi5-TXT\\Binaries\\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
    "D:\\Pelit\\Tom.Clancys.Rainbow.Six.Vegas.CLONEDvD9.MuLTi5-TXT\\Binaries\\R6Vegas_Launcher.exe"="D:\\Pelit\\Tom.Clancys.Rainbow.Six.Vegas.CLONEDvD9.MuLTi5-TXT\\Binaries\\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
    "D:\\Työkalut & Ohjelmat\\iTunes\\iTunes.exe"="D:\\Työkalut & Ohjelmat\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\ghjf\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=USER-529A5671CA
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\ghjf
    LOGONSERVER=\\USER-529A5671CA
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;D:\Työkalut & Ohjelmat\Tunnelier;D:\Työkalut & Ohjelmat\gtk 2.0\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\ghjf\LOCALS~1\Temp
    TMP=C:\DOCUME~1\ghjf\LOCALS~1\Temp
    USERDOMAIN=USER-529A5671CA
    USERNAME=ghjf
    USERPROFILE=C:\Documents and Settings\ghjf
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    ghjf (admin)
    tyu (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Help"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
    --> "C:\Program Files\Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"News Service"
    --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> D:\Pelit\SOLDIE~1\Uninstall\Unwise.exe /u D:\Pelit\SOLDIE~1\Uninstall\install.log
    --> D:\Työkalut & Ohjelmat\DivX\ConverterUninstall.exe /CONVERTER
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3GP Video Converter 3 --> D:\Työkalut & Ohjelmat\3GP Video Converter 3\Uninstall.exe
    7-Zip 4.42 --> "D:\Työkalut & Ohjelmat\7-zip\Uninstall.exe"
    Active Ports --> C:\WINDOWS\unvise32.exe d:\työkalut & ohjelmat\uninstal.log
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Apple Mobile Device Support -tuki --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
    Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
    Ares 2.0.1 --> "D:\Työkalut & Ohjelmat\Ares Galaxy\Ares\uninstall.exe"
    ATI-ohjelmiston poisto-ohjelma --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center --> MsiExec.exe /I{95DE8C8D-0F86-4AAA-A3C9-1423EADD5A36}
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    AviSynth 2.5 --> "D:\Työkalut & Ohjelmat\AviSynth 2.5\Uninstall.exe"
    BS.Player PRO --> "D:\Työkalut & Ohjelmat\BSplayerPro\uninstall.exe"
    BSPlayer --> "D:\Työkalut & Ohjelmat\BSplayerPro\uninstall.exe"
    Bubble Bobble World --> C:\WINDOWS\UnGins.exe "D:\Pelit\Bubble Bobble\Bubble Bobble World 1.5\install.log"
    CCleaner (remove only) --> "D:\Työkalut & Ohjelmat\CCleaner\uninst.exe"
    CD to MP3 Ripper --> D:\TYKALU~1\CDTOMP~1\UNWISE.EXE D:\TYKALU~1\CDTOMP~1\INSTALL.LOG
    CleanCache 3.5 --> "D:\Työkalut & Ohjelmat\CleanCache 3.0\unins000.exe"
    Combined Community Codec Pack 2007-02-22 --> "D:\Työkalut & Ohjelmat\Combined Community Codec Pack\unins001.exe"
    Command & Conquer The First Decade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
    ConvertXtoDVD 2.2.3.258 --> "D:\Työkalut & Ohjelmat\ConvertXtoDVD\unins000.exe"
    dBpoweramp Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    DivX Content Uploader --> D:\Työkalut & Ohjelmat\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> D:\Työkalut & Ohjelmat\DivX\ConverterUninstall.exe /CONVERTER
    DivX Player --> D:\Työkalut & Ohjelmat\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> D:\Työkalut & Ohjelmat\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD-lab PRO 2.3 --> "D:\Työkalut & Ohjelmat\DVDlabPro2\unins000.exe"
    DVDFab Platinum 3.1.4.0 --> "D:\Työkalut & Ohjelmat\DVDFab Platinum 3\unins000.exe"
    eMule Plus 1.2b --> "D:\Työkalut & Ohjelmat\eMulePlus 1.2b\unins000.exe"
    Eraser 5.82 --> "D:\Työkalut & Ohjelmat\Eraser\Eraser\unins001.exe"
    Foxie Privacy, Security & Productivity Suite 1.1 --> C:\Program Files\Foxie Suite\uninst.exe
    Game Jackal v2.9.18.565 --> "D:\Työkalut & Ohjelmat\Game Jackal\unins000.exe"
    GameShadow --> MsiExec.exe /I{D50BB830-3961-48EB-83D9-03A04C63534F}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Grand Theft Auto Vice City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe" -l0x9
    Hardware sensors monitor 4.3 --> "D:\Työkalut & Ohjelmat\Hmonitor\unins000.exe"
    Heart Of Darkness --> D:\Pelit\HEARTO~1\HEARTO~1\UNWISE.EXE D:\Pelit\HEARTO~1\HEARTO~1\INSTALL.LOG
    Heroes of Might and Magic IV --> C:\WINDOWS\IsUninst.exe -f"d:\pelit\heroes of might and magic iv\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
    Heroes of Might and Magic V --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x9
    Hide IP Platinum 3.41 --> "D:\Työkalut & Ohjelmat\Hide IP Platinum\unins000.exe"
    High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
    HijackThis 2.0.2 --> "C:\hjt\HijackThis.exe" /uninstall
    Hitman Blood Money --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0x9 -removeonly
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
    iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    K-Lite Mega Codec Pack 2.2.5 --> "D:\Työkalut & Ohjelmat\K-Lite Codec Pack\unins000.exe"
    LimeWire PRO 4.12.11 --> "D:\Työkalut & Ohjelmat\LimeWire 4.12.11 PRO\uninstall.exe"
    Little Fighter 2.5 - v2.0 --> D:\Pelit\Little Fighter 2.5\Uninstal.exe
    Localization Pack for Microsoft Windows XP Media Center Edition --> MsiExec.exe /I{9E667C7C-F80C-4B91-BCBA-01CBA164A5E9}
    McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6066\uninstall.exe
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    MKV TO AVI CONVERTER version 3.1 --> "D:\Työkalut & Ohjelmat\MKVTOAVI\unins000.exe"
    Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MP3 Shield 2.4.3 --> D:\Työkalut & Ohjelmat\MP3 Shield\uninst.exe
    Mp3tag v2.37a --> D:\Työkalut & Ohjelmat\Mp3tag\Mp3tagUninstall.EXE
    MpcStar 1.7 --> D:\Työkalut & Ohjelmat\MpcStar\uninst.exe
    Nero 7 --> MsiExec.exe /X{D98C0C51-F9BB-4EE4-B791-22BF6EE31035}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NetworkActiv AUTAPF 1.0 --> C:\Program Files\NetworkActiv AUTAPF 1.0\NetworkActivAUTAPFv1.0.exe UnInstall
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
    Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng_web.exe /LANG="2057"
    Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
    OpenOffice.org 2.1 --> MsiExec.exe /I{BE95E3BD-323B-46CC-AE78-8C9248A5BD78}
    PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
    PeerGuardian 2.0 --> "D:\Työkalut & Ohjelmat\PeerGuardian2\unins000.exe"
    PFConfig 1.0.149 --> D:\Työkalut & Ohjelmat\PFConfig\uninst.exe
    POP Peeper --> D:\Työkalut & Ohjelmat\POP Peeper\Uninstall.exe
    PowerISO --> "D:\Työkalut & Ohjelmat\PowerISO\uninstall.exe"
    Privoxy 3.0.6 --> "D:\Työkalut & Ohjelmat\Tor\Privoxy\privoxy_uninstall.exe"
    QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
    rayman2 --> C:\WINDOWS\UbiSoft\SetupUbi.exe -uninstall rayman2
    REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0xb -removeonly
    River Past Video Cleaner Pro --> C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
    RogueRemover 1.20 --> D:\Työkalut & Ohjelmat\RogueRemover\uninst.exe
    Soldier of Fortune II - Double Helix GOLD --> D:\Pelit\SOLDIE~1\UNINST~1\UNWISE.EXE D:\Pelit\SOLDIE~1\UNINST~1\INSTALL.LOG
    SopCast 1.1.2 --> D:\Työkalut & Ohjelmat\SopCast\uninst.exe
    SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0xb -removeonly
    SpywareBlaster v3.5.1 --> "D:\Työkalut & Ohjelmat\SpywareBlaster\unins001.exe"
    Star Defender --> "D:\Pelit\Star Defender\uninstall.exe"
    Star Defender 3 --> "D:\Pelit\Star Defender 3\uninstall.exe"
    Steam --> D:\TYKALU~1\Steam\UNWISE.EXE D:\TYKALU~1\Steam\INSTALL.LOG
    Subtitle Workshop 2.51 --> "D:\Työkalut & Ohjelmat\Subtitle Workshop\uninstall.exe"
    SubtitleCreator --> D:\Työkalut & Ohjelmat\SubtitleCreator\Uninstall SubtitleCreator.exe
    Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
    Tietoturvapalvelu --> C:\PROGRA~1\TIETOT~1\Common\fsbwih.exe /uninstall
    Time Adjuster STANDARD 3.1 --> "D:\Työkalut & Ohjelmat\TimeAdjuster\Uninstall.exe"
    Tom Clancy's Rainbow Six Vegas --> C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
    Tor 0.1.1.26 --> "D:\Työkalut & Ohjelmat\Tor\Tor\Uninstall.exe"
    Triplane Turmoil II 1.04 --> D:\Työkalut & Ohjelmat\Triplane Turmoil II\uninst.exe
    TrueCrypt --> C:\WINDOWS\TrueCrypt Setup.exe /u D:\Työkalut & Ohjelmat\TrueCrypt
    Twitch 1.0 --> D:\Pelit\Twitch\unins000.exe
    TVUPlayer 2.3.2.34 --> D:\Työkalut & Ohjelmat\TVUPlayer\uninst.exe
    Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    URUSoft ViPlay3 --> "D:\Työkalut & Ohjelmat\ViPlay3\uninstall.exe"
    Vidalia 0.0.7 --> "D:\Työkalut & Ohjelmat\Tor\Vidalia\uninstall.exe"
    VideoLAN VLC media player 0.8.6b --> D:\Työkalut & Ohjelmat\VLC\uninstall.exe
    Winamp (remove only) --> "D:\Työkalut & Ohjelmat\Winamp 5.32\Winamp\UninstWA.exe"
    Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    Windowsin ohjainpaketti - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
    WinHTTrack Website Copier 3.41-2 --> "D:\Työkalut & Ohjelmat\WinHTTrack\unins000.exe"
    WinRAR archiver --> D:\Työkalut & Ohjelmat\WinRAR 3.70 beta 3 Crystal\uninstall.exe
    WinSnap --> D:\Työkalut & Ohjelmat\WinSnap\uninst.exe
    WinXP Manager --> MsiExec.exe /I{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}
    VobSub v2.23 (Remove Only) --> "D:\Työkalut & Ohjelmat\VobSub\uninstall.exe"
    Wolfenstein - Enemy Territory --> D:\Pelit\WOLFEN~1\Uninstall\Unwise.exe /u D:\Pelit\WOLFEN~1\Uninstall\Install.log
    Worms World Party --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"
    xp-AntiSpy 3.96-4 --> D:\Työkalut & Ohjelmat\xp-AntiSpy\Uninstall.exe


    -- End of Deckard's System Scanner: finished at 2007-07-17 at 12:32:17 ---------

     
  8. Auttaja

    Auttaja Guest

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/intl/

    Fix these lines

    =======

    2007-05-05 22:54:03 386388 ---hs---- C:\WINDOWS\system32\mlkkj.ini2
    2007-05-04 22:04:22 607759 ---hs---- C:\WINDOWS\system32\mlkkj.bak1
    2007-05-04 22:03:39 610874 ---hs---- C:\WINDOWS\system32\mlkkj.bak2


    Delete these files

    Show hidden files, and hide them again after the deletion

    ==========

    Stay clean

    -> Clear System Restore -> Instructions
    Empty the System Restore folder and create a new restore point. This cleans any malware remnants out of the restore folder.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Clean temporary files and folders with it regularly.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing on your computer. It uses no memory!
    A guide is available in Finnish! Guide by the user Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your computer from connecting to malicious sites.
    A guide is available in Finnish! Guide by the user Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your computer with it regularly.
    and escan is also good http://koti.mbnet.fi/pattaya1/escanmwav.htm

    -> Keep your software up to date. -> Secunia Software Inspector
    Secunia Software Inspector examines your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.

    -> Regularly follow the Finnish Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI

    If you run into problems with malware in the future, don't hesitate to post a HijackThis log to be checked!
     
    Last edited by a moderator: Jul 17, 2007
