Can't remove the trojan no matter what I do

Logfile of HijackThis v1.99.1
Scan saved at 11:22:49, on 4.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\OPOY Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
D:\Ohjelmat\Asennetut\Daemon\daemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Ohjelmat\Asennetut\spywarefighter\spftray.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Ohjelmat\Asennetut\SetPoint\SetPoint.exe
D:\Ohjelmat\Asennetut\Hamachi\hamachi.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\OPOYTI~1\backweb\9683872\Program\SERVIC~1.EXE
C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
D:\Ohjelmat\Asennetut\OpenOffice\program\soffice.exe
C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\program\fsbwsys.exe
C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\OPOY Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\OPOY Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\Ohjelmat\Asennetut\OpenOffice\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\Program\OPOY-Tietoturva.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OPOY Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\OPOY Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsav32.exe
D:\Ohjelmat\Asennetut\spywarefighter\spfprc.exe
C:\Program Files\OPOY Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\PROGRA~1\OPOYTI~1\ANTI-S~1\fsaw.exe
C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\lataukset\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\OPOY Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\OPOY Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Ohjelmat\Asennetut\Daemon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] D:\Ohjelmat\Asennetut\AMD Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [spywarefighterguard] D:\Ohjelmat\Asennetut\spywarefighter\spftray.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\eqoalhye.dll",forkonce
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = D:\Ohjelmat\Asennetut\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.1.lnk = D:\Ohjelmat\Asennetut\OpenOffice\program\quickstart.exe
O4 - Global Startup: BAANA TIETOTURVA.lnk = C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\Program\OPOY-Tietoturva.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Ohjelmat\Asennetut\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD77030A-3432-4E64-8E32-8C1334C5C755}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BAANA TIETOTURVA (BackWeb Plug-in - 9683872) - BackWeb Technologies Inc. - C:\PROGRA~1\OPOYTI~1\backweb\9683872\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\OPOY Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\OPOY Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - D:\Ohjelmat\Asennetut\spywarefighter\spfprc.exe

Here is the HJT log. Could someone kindly help? I'd rather not have to start formatting the whole machine.
To start with, do this:

Download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to remove the files; click YES.
Once you have clicked YES, your desktop will go blank while it starts removing Vundo.
When it is finished, the fix will tell you it is going to restart your computer; click OK.
Post the contents of C:\vundofix.txt along with a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not remove. In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button", when VundoFix appears during the restart.

===========
eScan

Instructions are on this page: http://koti.mbnet.fi/pattaya1/escanmwav.htm
Download from here: http://www.spywareinfo.dk/download/mwav.exe
Update from here: http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
Tick the boxes as marked here: http://koti.mbnet.fi/pattaya1/eScan6.jpg
Scan. If anything shows up in the lower pane, copy it like this:
Use Ctrl+A.
Copy the lines with Ctrl+C.
Paste the lines with Ctrl+V.
Post the virus log here.

===========
Then rename D:\lataukset\hijackthis_199\====> HijackThis.exe <===== to "skanneri"; that is the file you use to open HJT for scanning. Then take a new HJT log.
VundoFix V6.5.6

Checking Java version...

Scan started at 20:26:45 4.8.2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\ciuwhlxq.dll
C:\windows\system32\dkjqjpnf.dll
C:\windows\system32\dlbepuup.ini
C:\windows\system32\fnpjqjkd.ini
C:\windows\system32\gwpudsuv.ini
C:\windows\system32\ldowxokv.ini
C:\windows\system32\puupebld.dll
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.tmp
C:\windows\system32\svyrufmw.ini
C:\windows\system32\vkoxwodl.dll
C:\windows\system32\wmfuryvs.dll
C:\windows\system32\vusdupwg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\awtqr.dll Has been deleted!
Attempting to delete C:\windows\system32\dkjqjpnf.dll
C:\windows\system32\dkjqjpnf.dll Has been deleted!
Attempting to delete C:\windows\system32\dlbepuup.ini
C:\windows\system32\dlbepuup.ini Has been deleted!
Attempting to delete C:\windows\system32\fnpjqjkd.ini
C:\windows\system32\fnpjqjkd.ini Has been deleted!
Attempting to delete C:\windows\system32\gwpudsuv.ini
C:\windows\system32\gwpudsuv.ini Has been deleted!
Attempting to delete C:\windows\system32\ldowxokv.ini
C:\windows\system32\ldowxokv.ini Has been deleted!
Attempting to delete C:\windows\system32\puupebld.dll
C:\windows\system32\puupebld.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqtwa.tmp
C:\WINDOWS\system32\rqtwa.tmp Has been deleted!
Attempting to delete C:\windows\system32\svyrufmw.ini
C:\windows\system32\svyrufmw.ini Has been deleted!
Attempting to delete C:\windows\system32\vkoxwodl.dll
C:\windows\system32\vkoxwodl.dll Has been deleted!
Attempting to delete C:\windows\system32\wmfuryvs.dll
C:\windows\system32\wmfuryvs.dll Has been deleted!
Attempting to delete C:\windows\system32\vusdupwg.dll
C:\windows\system32\vusdupwg.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 20:38:42, on 4.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\OPOY Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
D:\Ohjelmat\Asennetut\Daemon\daemon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Ohjelmat\Asennetut\spywarefighter\spftray.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\OPOYTI~1\backweb\9683872\Program\SERVIC~1.EXE
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\program\fsbwsys.exe
C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\OPOY Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\OPOY Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\Program\OPOY-Tietoturva.exe
D:\Ohjelmat\Asennetut\SetPoint\SetPoint.exe
D:\Ohjelmat\Asennetut\Hamachi\hamachi.exe
D:\Ohjelmat\Asennetut\OpenOffice\program\soffice.exe
C:\Program Files\OPOY Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OPOY Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsqh.exe
C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Ohjelmat\Asennetut\OpenOffice\program\soffice.BIN
C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsav32.exe
D:\Ohjelmat\Asennetut\spywarefighter\spfprc.exe
C:\Program Files\OPOY Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\PROGRA~1\OPOYTI~1\ANTI-S~1\fsaw.exe
C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
D:\lataukset\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\OPOY Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\OPOY Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Ohjelmat\Asennetut\Daemon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] D:\Ohjelmat\Asennetut\AMD Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [spywarefighterguard] D:\Ohjelmat\Asennetut\spywarefighter\spftray.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\vllqmajr.dll",forkonce
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = D:\Ohjelmat\Asennetut\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.1.lnk = D:\Ohjelmat\Asennetut\OpenOffice\program\quickstart.exe
O4 - Global Startup: BAANA TIETOTURVA.lnk = C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\Program\OPOY-Tietoturva.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Ohjelmat\Asennetut\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD77030A-3432-4E64-8E32-8C1334C5C755}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BAANA TIETOTURVA (BackWeb Plug-in - 9683872) - BackWeb Technologies Inc. - C:\PROGRA~1\OPOYTI~1\backweb\9683872\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\OPOY Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\OPOY Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - D:\Ohjelmat\Asennetut\spywarefighter\spfprc.exe
File C:\WINDOWS\system32\iifccdb.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.jp. No Action Taken.
File C:\WINDOWS\system32\hnyuchbr.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kp. No Action Taken.
File C:\WINDOWS\system32\iifccdb.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.jp. No Action Taken.
File C:\WINDOWS\system32\llotefjo.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kp. No Action Taken.
File C:\WINDOWS\system32\mciofqrd.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kp. No Action Taken.
File C:\Documents and Settings\Omistaja\Local Settings\Temp\qwrvfvsu.0xe infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\CD234HIV\CA0PGLSK tagged as not-a-virus:AdWare.Win32.Virtumonde.kr. No Action Taken.
File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\CPEFS5I7\masiyxanidi[1] infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\K5MF01UN\adfcook[1] infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\K5MF01UN\kcehc_eicooc20070702[1] infected by "Trojan-Downloader.Win32.Tiny.id" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP207\A0035052.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP209\A0041066.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP209\A0041181.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP210\A0042203.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP210\A0042204.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP210\A0043203.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP210\A0043258.0XE infected by "Trojan-Dropper.Win32.Agent.bmk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP215\A0045206.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.hb. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP215\A0045207.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.hb. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP218\A0047422.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.hb. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP218\A0047423.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kp. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP220\A0048628.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kp. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP222\A0048958.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kp. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP227\A0050131.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kr. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP227\A0050137.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP227\A0050141.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\VundoFix Backups\awtqr.dll.bad tagged as not-a-virus:AdWare.Win32.Virtumonde.kr. No Action Taken.
File C:\VundoFix Backups\puupebld.dll.bad tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\VundoFix Backups\wmfuryvs.dll.bad tagged as not-a-virus:AdWare.Win32.Virtumonde.ar. No Action Taken.
File C:\WINDOWS\system32\hnyuchbr.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kp. No Action Taken.
File C:\WINDOWS\system32\iifccdb.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.jp. No Action Taken.
File C:\WINDOWS\system32\llotefjo.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kp. No Action Taken.
File C:\WINDOWS\system32\mciofqrd.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.kp. No Action Taken.
File D:\Ohjelmat\Asennetut\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.
File D:\Ohjelmat\Paketit\mIRC\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
File D:\Ohjelmat\Paketit\mirc621.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.621. No Action Taken.

eScan log
1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. Doing so may cause the program to hang.
ComboFix 07-08-04.3 - "Omistaja" 2007-08-05 0:51:30.1 [GMT 3:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.Tosi
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\fyxbrims.dll
C:\WINDOWS\system32\iifccdb.dll
C:\WINDOWS\system32\lvfptrrj.dll
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mymqbrex.dll
C:\WINDOWS\system32\petbjrhi.dll
C:\WINDOWS\system32\ssqpm.dll

((((((((((((((((((((((((( Files Created from 2007-07-04 to 2007-08-04 )))))))))))))))))))))))))))))))

2007-08-05 00:50 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-04 20:48 <KANSIO> d-------- C:\Downloads
2007-08-04 20:48 <KANSIO> d-------- C:\Bases
2007-08-04 20:45 <KANSIO> d-------- C:\Kaspersky
2007-08-04 20:26 <KANSIO> d-------- C:\VundoFix Backups
2007-08-04 11:58 125,504 --a------ C:\WINDOWS\system32\vllqmajr.dll
2007-08-02 11:36 125,504 --a------ C:\WINDOWS\system32\xcbriujb.dll
2007-07-31 11:33 125,504 --------- C:\WINDOWS\system32\efpjbpro.dll
2007-07-30 17:17 126,016 --------- C:\WINDOWS\system32\hnyuchbr.dll
2007-07-28 20:36 126,016 --a------ C:\WINDOWS\system32\llotefjo.dll
2007-07-27 21:49 126,016 --a------ C:\WINDOWS\system32\mciofqrd.dll
2007-07-27 03:01 <KANSIO> d-------- C:\Program Files\Common Files\Application
2007-07-27 01:44 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\Omat tiedostot
2007-07-27 01:40 524,288 --ah----- C:\DOCUME~1\JRJEST~1\NTUSER.DAT
2007-07-27 01:40 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\K„ynnist„-valikko
2007-07-27 01:40 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp„rist”
2007-07-27 01:40 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp„rist”
2007-07-27 01:40 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Mallit
2007-07-27 01:40 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Ty”p”yt„
2007-07-27 01:40 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Suosikit
2007-07-26 20:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-17 21:32 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2007-07-17 19:57 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
2007-07-17 03:00 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-07-17 00:18 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-05 00:55 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Hamachi
2007-08-04 20:33 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\OpenOffice.org2
2007-08-03 17:19 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-02 22:43 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Azureus
2007-07-14 12:39 2724 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-14 12:39 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Corel
2007-07-11 03:01 70990 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-07-11 03:01 366492 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-06-27 04:35 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Real
2007-06-27 04:29 --------- d-------- C:\Program Files\Common Files\xing shared
2007-06-27 04:29 --------- d-------- C:\Program Files\Common Files\Real
2007-06-18 17:21 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-06-18 17:21 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-06-18 17:21 --------- d-------- C:\Program Files\OpenAL
2007-06-08 11:52 947096 --a------ C:\WINDOWS\system32\_ISource30.dll
2007-06-07 19:15 73406 --a------ C:\WINDOWS\War3Unin.dat
2007-06-06 14:20 17480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-06-04 15:39 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-06-04 15:39 139264 --a------ C:\WINDOWS\War3Unin.exe
2007-05-16 18:14 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-04 15:27 3079680 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2004-10-01 16:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
2007-05-01 13:01:24 88 --sh--r C:\WINDOWS\system32\41301E46BC.sys
2007-04-22 11:05:49 88 --sh--r C:\WINDOWS\system32\9248FCF263.sys
2007-03-04 05:53:14 8 --sh--r C:\WINDOWS\system32\C976397349.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 17:25]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-02-24 04:00]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
"F-Secure Manager"="C:\Program Files\OPOY Tietoturvapalvelu\Common\FSM32.exe" [2005-10-26 04:51]
"F-Secure TNB"="C:\Program Files\OPOY Tietoturvapalvelu\TNB\TNBUtil.exe" [2005-07-18 17:51]
"F-Secure Startup Wizard"="C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\FSSW.exe" [2005-10-18 11:29]
"News Service"="C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\ispnews.exe" [2005-05-31 15:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 06:01 C:\WINDOWS\SOUNDMAN.EXE]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 11:27]
"DAEMON Tools-1033"="D:\Ohjelmat\Asennetut\Daemon\daemon.exe" [2004-08-22 17:05]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 11:19]
"NvMediaCenter"="NvMCTray.dll" [2007-04-19 13:26 C:\WINDOWS\system32\nvmctray.dll]
"amd_dc_opt"="D:\Ohjelmat\Asennetut\AMD Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-27 04:28]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"spywarefighterguard"="D:\Ohjelmat\Asennetut\spywarefighter\spftray.exe" [2007-06-08 11:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2006-03-24 11:38]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
hamachi.lnk - D:\Ohjelmat\Asennetut\Hamachi\hamachi.exe [2007-03-04 15:10:39]
OpenOffice.org 2.1.lnk - D:\Ohjelmat\Asennetut\OpenOffice\program\quickstart.exe [2006-12-02 00:32:46]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
BAANA TIETOTURVA.lnk - C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\Program\OPOY-Tietoturva.exe [2007-03-04 02:46:35]
Logitech SetPoint.lnk - D:\Ohjelmat\Asennetut\SetPoint\SetPoint.exe [2007-03-04 01:11:45]

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R1 AsIO;AsIO;C:\WINDOWS\system32\drivers\AsIO.sys
R1 asuskbnt;Enhanced Display Driver Helper Service;C:\WINDOWS\system32\drivers\atkkbnt.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys
R2 BackWeb Plug-in - 9683872;BAANA TIETOTURVA;C:\PROGRA~1\OPOYTI~1\backweb\9683872\Program\SERVIC~1.EXE
R2 EIO;EIO;\??\C:\WINDOWS\system32\drivers\EIO.sys
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS
R3 SpyFighter;SpyFighter Guard Device;\??\D:\Ohjelmat\Asennetut\spywarefighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Ohjelmat\Asennetut\spywarefighter\spfprc.exe"
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
S3 P1110VID;Creative WebCam NX;C:\WINDOWS\system32\DRIVERS\P1110VID.sys

*Newly Created Service* - FSBL

Contents of the 'Scheduled Tasks' folder
2007-08-04 00:02:39 C:\WINDOWS\Tasks\Scheduled scanning task.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 00:54:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2] "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT" scanning hidden files ... C:\WINDOWS\Windows Update.log C:\WINDOWS\WindowsShell.Manifest C:\WINDOWS\WindowsUpdate.log C:\WINDOWS\winhelp.exe C:\WINDOWS\winhlp32.exe C:\WINDOWS\winnt.bmp C:\WINDOWS\winnt256.bmp C:\WINDOWS\WinSxS C:\WINDOWS\wmprfFIN.prx C:\WINDOWS\wmsetup.log C:\WINDOWS\WMSysPr9.prx C:\WINDOWS\WMSysPrx.prx C:\WINDOWS\xpsp1hfm.log C:\WINDOWS\Zapoteekki.bmp C:\WINDOWS\_default.pif scan completed successfully hidden files: 15 ************************************************************************** Completion time: 2007-08-05 0:56:52 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-05 00:56 --- E O F ---
Open Notepad and copy/paste the text in the quote box below into it: Save it as CFScript. (Check that it is written exactly like that.) Then drag CFScript onto ComboFix.exe as shown below. Restart the computer when asked and post the contents of the combofix.txt file here. Also a new HijackThis log.
It didn't ask for a restart.
ComboFix 07-08-04.3 - "Omistaja" 2007-08-05 2:24:05.2 [GMT 3:00] - NTFS Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.Tosi Command switches used :: C:\Documents and Settings\Omistaja\Ty”p”yt„\CFScript.txt * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\efpjbpro.dll C:\WINDOWS\system32\hnyuchbr.dll C:\WINDOWS\system32\llotefjo.dll C:\WINDOWS\system32\mciofqrd.dll C:\WINDOWS\system32\vllqmajr.dll C:\WINDOWS\system32\xcbriujb.dll ((((((((((((((((((((((((( Files Created from 2007-07-04 to 2007-08-04 ))))))))))))))))))))))))))))))) 2007-08-05 00:50 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-04 20:48 <KANSIO> d-------- C:\Downloads 2007-08-04 20:48 <KANSIO> d-------- C:\Bases 2007-08-04 20:45 <KANSIO> d-------- C:\Kaspersky 2007-08-04 20:26 <KANSIO> d-------- C:\VundoFix Backups 2007-07-27 03:01 <KANSIO> d-------- C:\Program Files\Common Files\Application 2007-07-27 01:44 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\Omat tiedostot 2007-07-27 01:40 524,288 --ah----- C:\DOCUME~1\JRJEST~1\NTUSER.DAT 2007-07-27 01:40 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1\K„ynnist„-valikko 2007-07-27 01:40 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Verkkoymp„rist” 2007-07-27 01:40 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Tulostinymp„rist” 2007-07-27 01:40 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1\Mallit 2007-07-27 01:40 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Ty”p”yt„ 2007-07-27 01:40 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1\Suosikit 2007-07-26 20:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-07-17 21:32 <KANSIO> d--hs---- C:\WINDOWS\ftpcache 2007-07-17 19:57 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft 2007-07-17 03:00 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA 2007-07-17 00:18 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel (((((((((((((((((((((((((((((((((((((((( Find3M Report 
)))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-05 02:19 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Hamachi 2007-08-05 00:56 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\OpenOffice.org2 2007-08-03 17:19 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-02 22:43 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Azureus 2007-07-14 12:39 2724 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2007-07-14 12:39 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Corel 2007-07-11 03:01 70990 --a------ C:\WINDOWS\system32\perfc00B.dat 2007-07-11 03:01 366492 --a------ C:\WINDOWS\system32\perfh00B.dat 2007-06-27 04:35 --------- d-------- C:\DOCUME~1\Omistaja\APPLIC~1\Real 2007-06-27 04:29 --------- d-------- C:\Program Files\Common Files\xing shared 2007-06-27 04:29 --------- d-------- C:\Program Files\Common Files\Real 2007-06-18 17:21 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2007-06-18 17:21 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll 2007-06-18 17:21 --------- d-------- C:\Program Files\OpenAL 2007-06-08 11:52 947096 --a------ C:\WINDOWS\system32\_ISource30.dll 2007-06-07 19:15 73406 --a------ C:\WINDOWS\War3Unin.dat 2007-06-06 14:20 17480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-06-04 15:39 2829 --a------ C:\WINDOWS\War3Unin.pif 2007-06-04 15:39 139264 --a------ C:\WINDOWS\War3Unin.exe 2007-05-16 18:14 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 18:14 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 18:14 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 18:14 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 18:14 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll 2007-05-04 15:27 3079680 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2004-10-01 16:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe 2007-05-01 13:01:24 88 --sh--r 
C:\WINDOWS\system32\41301E46BC.sys 2007-04-22 11:05:49 88 --sh--r C:\WINDOWS\system32\9248FCF263.sys 2007-03-04 05:53:14 8 --sh--r C:\WINDOWS\system32\C976397349.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 00:25 C:\WINDOWS\KHALMNPR.Exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26] "nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe] "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 17:25] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-02-24 04:00] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19] "F-Secure Manager"="C:\Program Files\OPOY Tietoturvapalvelu\Common\FSM32.exe" [2005-10-26 04:51] "F-Secure TNB"="C:\Program Files\OPOY Tietoturvapalvelu\TNB\TNBUtil.exe" [2005-07-18 17:51] "F-Secure Startup Wizard"="C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\FSSW.exe" [2005-10-18 11:29] "News Service"="C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\ispnews.exe" [2005-05-31 15:45] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "SoundMan"="SOUNDMAN.EXE" [2005-04-15 06:01 C:\WINDOWS\SOUNDMAN.EXE] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 11:27] "DAEMON Tools-1033"="D:\Ohjelmat\Asennetut\Daemon\daemon.exe" [2004-08-22 17:05] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 11:19] "NvMediaCenter"="NvMCTray.dll" 
[2007-04-19 13:26 C:\WINDOWS\system32\nvmctray.dll] "amd_dc_opt"="D:\Ohjelmat\Asennetut\AMD Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-27 04:28] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "spywarefighterguard"="D:\Ohjelmat\Asennetut\spywarefighter\spftray.exe" [2007-06-08 11:52] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2006-03-24 11:38] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2006-10-05 16:00] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50] hamachi.lnk - D:\Ohjelmat\Asennetut\Hamachi\hamachi.exe [2007-03-04 15:10:39] OpenOffice.org 2.1.lnk - D:\Ohjelmat\Asennetut\OpenOffice\program\quickstart.exe [2006-12-02 00:32:46] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ BAANA TIETOTURVA.lnk - C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\Program\OPOY-Tietoturva.exe [2007-03-04 02:46:35] Logitech SetPoint.lnk - D:\Ohjelmat\Asennetut\SetPoint\SetPoint.exe [2007-03-04 01:11:45] R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys R1 AsIO;AsIO;C:\WINDOWS\system32\drivers\AsIO.sys R1 asuskbnt;Enhanced Display Driver Helper Service;C:\WINDOWS\system32\drivers\atkkbnt.sys R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys R2 BackWeb Plug-in - 9683872;BAANA TIETOTURVA;C:\PROGRA~1\OPOYTI~1\backweb\9683872\Program\SERVIC~1.EXE R2 EIO;EIO;\??\C:\WINDOWS\system32\drivers\EIO.sys R2 F-Secure 
Filter;F-Secure File System Filter;\??\C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\Win2K\FSfilter.sys R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\Win2K\FSgk.sys R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\Win2K\FSrec.sys R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS R3 SpyFighter;SpyFighter Guard Device;\??\D:\Ohjelmat\Asennetut\spywarefighter\spyfighter.sys R3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Ohjelmat\Asennetut\spywarefighter\spfprc.exe" S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys S3 P1110VID;Creative WebCam NX;C:\WINDOWS\system32\DRIVERS\P1110VID.sys *Newly Created Service* - CATCHME *Newly Created Service* - FSBL Contents of the 'Scheduled Tasks' folder 2007-08-04 00:02:39 C:\WINDOWS\Tasks\Scheduled scanning task.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-05 02:25:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x00ffc\xd3w\2] "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT" scanning hidden files ... C:\WINDOWS\Windows Update.log C:\WINDOWS\WindowsShell.Manifest C:\WINDOWS\WindowsUpdate.log C:\WINDOWS\winhelp.exe C:\WINDOWS\winhlp32.exe C:\WINDOWS\winnt.bmp C:\WINDOWS\winnt256.bmp C:\WINDOWS\WinSxS C:\WINDOWS\wmprfFIN.prx C:\WINDOWS\wmsetup.log C:\WINDOWS\WMSysPr9.prx C:\WINDOWS\WMSysPrx.prx C:\WINDOWS\xpsp1hfm.log C:\WINDOWS\Zapoteekki.bmp C:\WINDOWS\_default.pif scan completed successfully hidden files: 15 ************************************************************************** Completion time: 2007-08-05 2:25:31 C:\ComboFix-quarantined-files.txt ... 2007-08-05 02:25 C:\ComboFix2.txt ... 2007-08-05 00:56 --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 2:29:18, on 5.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\OPOY Tietoturvapalvelu\Common\FSM32.EXE C:\WINDOWS\ATKKBService.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\PROGRA~1\OPOYTI~1\backweb\9683872\Program\SERVIC~1.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\program\fsbwsys.exe 
D:\Ohjelmat\Asennetut\Daemon\daemon.exe C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\Program Files\OPOY Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\OPOY Tietoturvapalvelu\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\Program\OPOY-Tietoturva.exe D:\Ohjelmat\Asennetut\spywarefighter\spftray.exe C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe D:\Ohjelmat\Asennetut\SetPoint\SetPoint.exe D:\Ohjelmat\Asennetut\Hamachi\hamachi.exe D:\Ohjelmat\Asennetut\OpenOffice\program\soffice.exe C:\Program Files\OPOY Tietoturvapalvelu\Common\FCH32.EXE C:\WINDOWS\System32\svchost.exe D:\Ohjelmat\Asennetut\OpenOffice\program\soffice.BIN C:\Program Files\OPOY Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsqh.exe C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsrw.exe C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\OPOY Tietoturvapalvelu\FWES\Program\fsdfwd.exe D:\Ohjelmat\Asennetut\spywarefighter\spfprc.exe C:\PROGRA~1\OPOYTI~1\ANTI-S~1\fsaw.exe C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\fsguidll.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\lataukset\hijackthis_199\Skanneri.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Ohjelmat\Asennetut\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Canon Easy Web 
Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\OPOY Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\OPOY Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Ohjelmat\Asennetut\Daemon\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - 
HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [amd_dc_opt] D:\Ohjelmat\Asennetut\AMD Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [spywarefighterguard] D:\Ohjelmat\Asennetut\spywarefighter\spftray.exe O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: hamachi.lnk = D:\Ohjelmat\Asennetut\Hamachi\hamachi.exe O4 - Startup: OpenOffice.org 2.1.lnk = D:\Ohjelmat\Asennetut\OpenOffice\program\quickstart.exe O4 - Global Startup: BAANA TIETOTURVA.lnk = C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\Program\OPOY-Tietoturva.exe O4 - Global Startup: Logitech SetPoint.lnk = D:\Ohjelmat\Asennetut\SetPoint\SetPoint.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' 
menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{CD77030A-3432-4E64-8E32-8C1334C5C755}: NameServer = 213.139.190.3 212.50.131.153 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: BAANA TIETOTURVA (BackWeb Plug-in - 9683872) - BackWeb Technologies Inc. - C:\PROGRA~1\OPOYTI~1\backweb\9683872\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. 
- C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\OPOY Tietoturvapalvelu\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\OPOY Tietoturvapalvelu\Common\FSMA32.EXE O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - D:\Ohjelmat\Asennetut\spywarefighter\spfprc.exe
Hi!
=========
Open HijackThis, check the following line(s) and press Fix checked; close all other programs while you do this.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Here is a guide on how to check the entries:
==========
Scan your computer with Ewido Online Scanner
* Download Ewido_micro.exe from here.
* Save the file, for example to the desktop.
* Double-click Ewido_micro.exe on your desktop.
* Ewido immediately starts updating its signatures. This may take a moment.
* Once the updates have been downloaded, make sure all the items on the left side of the window are checked.
* Click the Start Scan button at the bottom left.
* The scan starts. This may take some time, depending on the number of files.
* When the scan is finished and items were found, make sure the boxes to the left of all the items are checked.
* Click the Save report button and save the report, for example to the desktop.
* Click the Remove Infections button.
* When you answer OK to the prompt that opens, all infected files are removed.
* After removal you can close Ewido Online Scanner by clicking the red X in the top corner.
* Now restart the computer and post the report you saved to your thread.
==========
An excellent guide for speeding up your computer: http://neko.1g.fi/ohje/hidastelua.html
==========
If you do not have this Java version (6.2): An old Java easily gets your computer infected!
Updating Java and clearing the cache:
1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your previous Java versions in the list (J2SE Runtime Environment.... ). They should have the following icon next to them:
3. Select all your previous Java versions and choose Remove.
4. Install the latest Java update from the following link.
5. Restart the computer after installation: http://java.sun.com/javase/downloads/index.jsp or http://www.filehippo.com/download_java_runtime/ Scroll down to Java Runtime Environment (JRE) 6u2. Press Download. Check Accept, choose offline installation, save it for example to the desktop and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice the computer being slow after lowering the setting, move the slider to a larger value.)
8. Make sure both options are checked:
* Applications and Applets
* Trace and Log Files
and press the OK button.
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.
==========
Download Deckard's System Scanner to your desktop.
Note: You must have Administrator rights to run the program.
* Close all open windows and programs.
* Double-click the Dss.exe file to run the program and follow the instructions.
* When the scan is finished, 2 text files should open, Main.txt and extra.txt.
* Copy ( CTRL+A -> CTRL + C ) and paste ( CTRL + V ).
* Copy and paste the contents of Extra.txt & Main.txt into your next reply.
And the Ewido online scanner report.
__________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: Adware.Virtumonde Path: C:\QooBox\Quarantine\catchme2007-08-05_ 05459.70.zip/iifccdb.dll Risk: Medium Name: Adware.Virtumonde Path: C:\System Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP228\A0050220.dll Risk: Medium Name: Backdoor.VB.ari Path: D:\System
Volume Information\_restore{72B9761E-6782-4F02-862F-A27F775CE625}\RP224\A0049128.exe Risk: High Deckard's System Scanner v20070804.61 Run by Omistaja on 2007-08-05 at 16:39:19 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 31: 2007-08-05 13:39:21 UTC - RP236 - Deckard's System Scanner Restore Point 30: 2007-08-05 13:36:02 UTC - RP235 - Installed Java(TM) 6 Update 2 29: 2007-08-05 13:29:02 UTC - RP234 - Removed Java(TM) SE Runtime Environment 6 Update 1 28: 2007-08-05 13:27:42 UTC - RP233 - Removed J2SE Runtime Environment 5.0 Update 11 27: 2007-08-05 00:58:58 UTC - RP232 - Supprimé Transformers(TM) - Le Jeu Demo -- First Restore Point -- 1: 2007-07-16 20:30:40 UTC - RP206 - Järjestelmän tarkistuspiste Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Omistaja.exe) -------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 16:39:52, on 5.8.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\OPOY Tietoturvapalvelu\Common\FSM32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\PowerISO\PWRISOVM.EXE D:\Ohjelmat\Asennetut\Daemon\daemon.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program 
Files\ASUS\SmartDoctor\SmartDoctor.exe D:\Ohjelmat\Asennetut\SetPoint\SetPoint.exe D:\Ohjelmat\Asennetut\OpenOffice\program\soffice.exe D:\Ohjelmat\Asennetut\OpenOffice\program\soffice.BIN C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\OPOYTI~1\backweb\9683872\Program\SERVIC~1.EXE C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\program\fsbwsys.exe C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\Program Files\OPOY Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\OPOY Tietoturvapalvelu\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\Program\OPOY-Tietoturva.exe C:\Program Files\OPOY Tietoturvapalvelu\Common\FCH32.EXE C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsqh.exe C:\Program Files\OPOY Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsrw.exe C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsav32.exe D:\Ohjelmat\Asennetut\spywarefighter\spfprc.exe C:\Program Files\OPOY Tietoturvapalvelu\FWES\Program\fsdfwd.exe C:\PROGRA~1\OPOYTI~1\ANTI-S~1\fsaw.exe C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\fsguidll.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\msiexec.exe C:\Documents and Settings\Omistaja\Työpöytä\dss.exe D:\LATAUK~1\HIJACK~1\Omistaja.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Ohjelmat\Asennetut\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Ohjelmat\Asennetut\java\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\OPOY Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\OPOY Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Ohjelmat\Asennetut\Daemon\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [amd_dc_opt] D:\Ohjelmat\Asennetut\AMD Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program 
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [spywarefighterguard] D:\Ohjelmat\Asennetut\spywarefighter\spftray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Ohjelmat\Asennetut\java\bin\jusched.exe" O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: hamachi.lnk = D:\Ohjelmat\Asennetut\Hamachi\hamachi.exe O4 - Startup: OpenOffice.org 2.1.lnk = D:\Ohjelmat\Asennetut\OpenOffice\program\quickstart.exe O4 - Global Startup: BAANA TIETOTURVA.lnk = C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\Program\OPOY-Tietoturva.exe O4 - Global Startup: Logitech SetPoint.lnk = D:\Ohjelmat\Asennetut\SetPoint\SetPoint.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Asennetut\java\bin\npjpi160_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Ohjelmat\Asennetut\java\bin\npjpi160_02.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... 
- {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{CD77030A-3432-4E64-8E32-8C1334C5C755}: NameServer = 213.139.190.3 212.50.131.153 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: BAANA TIETOTURVA (BackWeb Plug-in - 9683872) - BackWeb Technologies Inc. - C:\PROGRA~1\OPOYTI~1\backweb\9683872\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\OPOY Tietoturvapalvelu\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. 
- C:\Program Files\OPOY Tietoturvapalvelu\backweb\9683872\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\OPOY Tietoturvapalvelu\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\OPOY Tietoturvapalvelu\Common\FSMA32.EXE O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - D:\Ohjelmat\Asennetut\spywarefighter\spfprc.exe -- HijackThis Fixed Entries (D:\LATAUK~1\HIJACK~1\backups\) -------------------- backup-20070805-150827-164 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) backup-20070805-150827-247 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = backup-20070805-151200-581 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = backup-20070805-151249-790 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = backup-20070805-151330-608 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit -- File Associations ----------------------------------------------------------- All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield> R1 AsIO - c:\windows\system32\drivers\asio.sys R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.> R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT> R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\opoy tietoturvapalvelu\anti-virus\win2k\fsfilter.sys R2 F-Secure Gatekeeper - c:\program files\opoy tietoturvapalvelu\anti-virus\win2k\fsgk.sys R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\opoy tietoturvapalvelu\anti-virus\win2k\fsrec.sys R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> R3 RMSPPPOE (WAN Miniport (PPP over Ethernet Protocol)) - c:\windows\system32\drivers\rmspppoe.sys <Not Verified; Robert Schlabbach; PPP over Ethernet Protocol> S3 catchme - c:\docume~1\omistaja\locals~1\temp\catchme.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service> R2 BackWeb Plug-in - 9683872 (BAANA TIETOTURVA) - c:\progra~1\opoyti~1\backweb\9683872\program\servic~1.exe <Not Verified; BackWeb Technologies Inc.; RunnerEXE Application> R2 fsbwsys - "c:\program files\opoy tietoturvapalvelu\backweb\9683872\program\fsbwsys.exe" <Not Verified; F-Secure Corp.; F-Secure BackWeb> R2 F-Secure Gatekeeper Handler Starter - "c:\program files\opoy tietoturvapalvelu\anti-virus\fsgk32st.exe" <Not 
Verified; F-Secure Corporation; F-Secure Corp. Startup service> R2 FSMA - "c:\program files\opoy tietoturvapalvelu\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent> R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\program files\opoy tietoturvapalvelu\fwes\program\fsdfwd.exe" <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Intel(R) PRO/100+ Management Adapter Device ID: PCI\VEN_8086&DEV_1229&SUBSYS_000C8086&REV_08\4&13699180&0&3048 Manufacturer: Intel Name: Intel(R) PRO/100+ Management Adapter #2 PNP Device ID: PCI\VEN_8086&DEV_1229&SUBSYS_000C8086&REV_08\4&13699180&0&3048 Service: E100B Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394-verkkosovitin Device ID: V1394\NIC1394\68776B11D800 Manufacturer: Microsoft Name: 1394-verkkosovitin #2 PNP Device ID: V1394\NIC1394\68776B11D800 Service: NIC1394 Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Ethernet-sovitin Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048 Manufacturer: Name: Ethernet-sovitin PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048 Service: Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Hamachi Network Interface Device ID: ROOT\NET\0000 Manufacturer: LogMeIn, Inc. 
Name: Hamachi Network Interface PNP Device ID: ROOT\NET\0000 Service: hamachi -- Scheduled Tasks ------------------------------------------------------------- 2007-08-05 03:01:32 568 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job -- Files created between 2007-07-05 and 2007-08-05 ----------------------------- 2007-08-04 20:48:26 0 d-------- C:\Downloads 2007-08-04 20:48:26 0 d-------- C:\Bases 2007-08-04 20:45:12 0 d-------- C:\Kaspersky 2007-08-04 20:26:45 0 d-------- C:\VundoFix Backups 2007-07-27 03:01:01 0 d-------- C:\Program Files\Common Files\Application 2007-07-27 01:44:46 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot 2007-07-27 01:40:46 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö 2007-07-27 01:40:46 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä 2007-07-27 01:40:46 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö 2007-07-27 01:40:46 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit 2007-07-27 01:40:46 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\SendTo 2007-07-27 01:40:46 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Recent 2007-07-27 01:40:46 524288 --ah----- C:\Documents and Settings\Järjestelmänvalvoja\NTUSER.DAT 2007-07-27 01:40:46 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit 2007-07-27 01:40:46 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Local Settings 2007-07-27 01:40:46 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko 2007-07-27 01:40:46 0 d---s---- C:\Documents and Settings\Järjestelmänvalvoja\Cookies 2007-07-27 01:40:46 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Application Data 2007-07-27 01:40:46 0 d---s---- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft 2007-07-26 20:09:23 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-07-17 21:32:46 0 d--hs---- C:\WINDOWS\ftpcache 2007-07-17 19:57:32 0 
d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft 2007-07-17 03:00:01 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA 2007-07-17 00:18:45 0 d-------- C:\WINDOWS\SxsCaPendDel -- Find3M Report --------------------------------------------------------------- 2007-08-05 16:38:53 0 d-------- C:\Documents and Settings\Omistaja\Application Data\Hamachi 2007-08-05 16:23:19 0 d-------- C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2 2007-08-05 15:48:33 0 d-------- C:\Documents and Settings\Omistaja\Application Data\Corel 2007-08-05 15:48:07 2672 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2007-08-05 03:59:06 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-02 22:43:52 0 d-------- C:\Documents and Settings\Omistaja\Application Data\Azureus 2007-07-27 03:01:01 0 d-------- C:\Program Files\Common Files 2007-07-13 00:07:03 0 d-------- C:\Program Files\Common Files\Adobe 2007-07-11 03:01:25 366492 --a------ C:\WINDOWS\system32\perfh00B.dat 2007-07-11 03:01:25 70990 --a------ C:\WINDOWS\system32\perfc00B.dat 2007-06-27 04:35:59 0 d-------- C:\Documents and Settings\Omistaja\Application Data\Real 2007-06-27 04:29:09 0 d-------- C:\Program Files\Common Files\xing shared 2007-06-27 04:29:07 0 d-------- C:\Program Files\Common Files\Real 2007-06-18 17:21:40 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32> 2007-06-18 17:21:40 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. 
and NVIDIA Corp.; Standard OpenAL(TM) Library> 2007-06-18 17:21:40 0 d-------- C:\Program Files\OpenAL 2007-06-07 19:15:27 73406 --a------ C:\WINDOWS\War3Unin.dat 2007-06-04 15:39:08 2829 --a------ C:\WINDOWS\War3Unin.pif 2007-06-04 15:39:07 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [23.07.2005 00:25 C:\WINDOWS\KHALMNPR.Exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19.04.2007 13:26] "nwiz"="nwiz.exe" [19.04.2007 13:26 C:\WINDOWS\system32\nwiz.exe] "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [08.12.2003 18:35] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [08.07.2005 17:25] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 12:50] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [24.02.2003 04:00] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [30.09.2003 01:14] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [21.03.2006 14:19] "F-Secure Manager"="C:\Program Files\OPOY Tietoturvapalvelu\Common\FSM32.exe" [26.10.2005 04:51] "F-Secure TNB"="C:\Program Files\OPOY Tietoturvapalvelu\TNB\TNBUtil.exe" [18.07.2005 17:51] "F-Secure Startup Wizard"="C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\FSSW.exe" [18.10.2005 11:29] "News Service"="C:\Program Files\OPOY Tietoturvapalvelu\FSGUI\ispnews.exe" [31.05.2005 15:45] "SoundMan"="SOUNDMAN.EXE" [15.04.2005 06:01 C:\WINDOWS\SOUNDMAN.EXE] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [06.11.2006 11:27] "DAEMON Tools-1033"="D:\Ohjelmat\Asennetut\Daemon\daemon.exe" [22.08.2004 17:05] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 
6\LaunchApplication.exe" [23.01.2007 11:19] "NvMediaCenter"="NvMCTray.dll" [19.04.2007 13:26 C:\WINDOWS\system32\nvmctray.dll] "amd_dc_opt"="D:\Ohjelmat\Asennetut\AMD Dual-Core Optimizer\amd_dc_opt.exe" [17.11.2006 16:49] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [27.06.2007 04:28] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.05.2007 03:06] "spywarefighterguard"="D:\Ohjelmat\Asennetut\spywarefighter\spftray.exe" [08.06.2007 11:52] "SunJavaUpdateSched"="D:\Ohjelmat\Asennetut\java\bin\jusched.exe" [12.07.2007 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [24.03.2006 11:38] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 12:55] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\Omistaja\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.3.2005 19:16:50] hamachi.lnk - D:\Ohjelmat\Asennetut\Hamachi\hamachi.exe [4.3.2007 15:10:39] OpenOffice.org 2.1.lnk - D:\Ohjelmat\Asennetut\OpenOffice\program\quickstart.exe [2.12.2006 0:32:46] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Logitech SetPoint.lnk - D:\Ohjelmat\Asennetut\SetPoint\SetPoint.exe [4.3.2007 1:11:45] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- End of Deckard's System Scanner: finished at 2007-08-05 at 16:41:33 --------- Deckard's System Scanner v20070804.61 Extra logfile - please post this as an attachment with your post. 
-------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6 CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ Percentage of Memory in Use: 23% Physical Memory (total/avail): 2047.48 MiB / 1563.53 MiB Pagefile Memory (total/avail): 3940.14 MiB / 3604.35 MiB Virtual Memory (total/avail): 2047.88 MiB / 1971.11 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 19.53 GiB total, 2.95 GiB free. D: is Fixed (NTFS) - 259.93 GiB total, 1.16 GiB free. E: is CDROM (No Media) F: is CDROM (No Media) G: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FW: BAANA TIETOTURVA 6.15 v6.15 (F-Secure Corporation) Disabled AV: BAANA TIETOTURVA 6.15 v6.15 (F-Secure Corporation) Disabled [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Omistaja\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PELOTTAVAPONTSO ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Omistaja LOGONSERVER=\\PELOTTAVAPONTSO NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH 
PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2b01 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Omistaja\LOCALS~1\Temp TMP=C:\DOCUME~1\Omistaja\LOCALS~1\Temp USERDOMAIN=PELOTTAVAPONTSO USERNAME=Omistaja USERPROFILE=C:\Documents and Settings\Omistaja windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Omistaja (admin) Järjestelmänvalvoja (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure FWES" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure GUI" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Help" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"F-Secure TNB" --> "C:\Program Files\OPOY Tietoturvapalvelu\fsuninst.exe" /UninstRegKey:"News Service" --> 
C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> MsiExec /X{C6996F17-9233-49EB-8084-E73E5272DAF4} --> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\SETUP.EXE" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\SETUP.EXE" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Act of War - Direct Action --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9B915DF-B79C-4747-9BA3-9705A57DC717}\SETUP.EXE" -l0x9 Ad-Aware SE Personal --> D:\Ohjelmat\ASENNE~1\AD-AWA~1\UNWISE.EXE D:\Ohjelmat\ASENNE~1\AD-AWA~1\INSTALL.LOG Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A} AGEIA PhysX v7.05.05 --> MsiExec.exe /X{C6996F17-9233-49EB-8084-E73E5272DAF4} ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9 ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly ASUS nVIDIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033 ASUS SmartDoctor --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1033 ASUS Utilities --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{43C67D92-F56E-4729-8673-9A2D5A6036F8} /l1033 ASUS VideoSecurity Online --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7} Azureus Vuze --> D:\Ohjelmat\Asennetut\Azureus\Azureus\uninstall.exe BAANA TIETOTURVA --> C:\PROGRA~1\OPOYTI~1\Common\fsbwih.exe /uninstall BSPlayer --> "D:\Ohjelmat\Asennetut\BSplayer\uninstall.exe" Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057 Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini Canon MP160 --> "C:\WINDOWS\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x000b Canon MP160 -käyttäjän rekisteröinti --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini" Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A} Counter-Strike 1.6 --> D:\Pelit\PC\Asennetut\cs1.6\Uninstal.exe Creative PC-CAM Center Lite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\SETUP.EXE" -l0x9 /remove Creative WebCam Monitor --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\SETUP.EXE" -l0x9 /remove Creative WebCam NX Driver (1.00.08.0514) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script P1110.uns -unsext NT -plugin p1110pin.dll -pluginres p1110pin.crl DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0} DC++ 0.698 --> "D:\Ohjelmat\Asennetut\DC++\uninstall.exe" Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF} DVD Solution --> "C:\Program Files\Uninstall_CDS.exe" Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly Final Fantasy VII --> C:\WINDOWS\IsUninst.exe -fd:\pelit\pc\asennetut\ffvii\Uninst.isu Fraps (remove only) --> "D:\Ohjelmat\Asennetut\Fraps\uninstall.exe" Hamachi 1.0.1.5 --> D:\Ohjelmat\Asennetut\Hamachi\uninstall.exe HijackThis 1.99.1 --> D:\lataukset\hijackthis_199\HijackThis.exe /uninstall InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0xb -removeonly MadOnion.com/3DMark2001 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}\Setup.exe" -l0x9 uninstall -uninst MaxBlast 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe" mIRC --> "D:\Ohjelmat\Asennetut\mIRC\mirc.exe" -uninstall Mozilla Firefox (2.0.0.4) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall musikCube 1.0 rc2 --> D:\Ohjelmat\Asennetut\MusickCube\musikCube\uninstall.exe Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1} Nokia PC Suite --> MsiExec.exe /I{F1951119-0ED2-489A-9181-8A5E682600B5} NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI oo2-soikko-Windows-1.1.2 --> C:\Program Files\oo2-soikko-Windows-1.1.2\Uninstall-oo2-soikko-Windows-1.1.2.exe OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U /S OpenOffice.org 2.1 --> MsiExec.exe /I{BE95E3BD-323B-46CC-AE78-8C9248A5BD78} PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9 Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB916595) --> 
"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall PPP over Ethernet Protocol 0.98 --> C:\WINDOWS\System32\RASPPPOE.EXE /REMOVE RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5} SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C} Spybot - Search & Destroy 1.4 --> "D:\Ohjelmat\Asennetut\Spybot S&D\Spybot - Search & Destroy\unins000.exe" SPYWAREfighter --> MsiExec.exe /X{772BD148-E274-495C-BF15-AB9454D57563} Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle 
(KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB904706) --> Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Suojauspäivitys Windows 
XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Suojauspäivitys Windows 
XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB933566) --> 
"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" sXe Injected --> "D:\Pelit\PC\Asennetut\cs1.6\sxeinfected\sXe Injected\uninstall.exe" Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} VideoLAN VLC media player 0.8.5 --> D:\Ohjelmat\Asennetut\VLC Mediaplayer\VLC\uninstall.exe Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734} WinRAR archiver --> D:\Ohjelmat\Asennetut\Winrar\uninstall.exe Vodei Multimedia Processor 2.00 --> D:\Ohjelmat\Asennetut\Vodei\uninst.exe World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe YAMAHA SoftSynthesizer S-YXG70 --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu -c"C:\WINDOWS\system32\sxgunins.dll -- Application Event Log ------------------------------------------------------- Event ID #3570: Success Event Submitted/Written: 08/05/2007 04:24:09 PM Event Source: usnjsvc Event Description: The Messenger Sharing USN Journal Reader service started successfully. Event ID #3555: Error Event Submitted/Written: 08/05/2007 02:57:27 PM Event Source: nview_info Event Description: NVIEW : firefox: Mutex Recovery Code - leaving recovery code. Event ID #3554: Error Event Submitted/Written: 08/05/2007 02:57:27 PM Event Source: nview_info Event Description: NVIEW : firefox: SEVERE nView Mutex Error - NOT recoverable. NView (and Mutexes) have been disabled for the time being while process 32c is active. 
Event ID #3553: Error Event Submitted/Written: 08/05/2007 02:55:27 PM Event Source: nview_info Event Description: NVIEW : firefox: Entered Mutex Recovery Code. NView (and Mutexes) are not enabled. Event ID #3552: Error Event Submitted/Written: 08/05/2007 02:55:27 PM Event Source: nview_info Event Description: NVIEW : firefox: Mutex Recovery Code - mutex still stuck - PID:32c now has a back count of:1. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event ID #32718: Warning Event Submitted/Written: 08/05/2007 04:40:14 PM Event Source: RMSPPPOE Event Description: Received a PPPoE Session packet for an unknown session. Ignoring this packet. Event ID #32716: Error Event Submitted/Written: 08/05/2007 04:29:21 PM Event Source: Service Control Manager Event Description: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Event ID #32713: Error Event Submitted/Written: 08/05/2007 04:29:21 PM Event Source: Service Control Manager Event Description: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Event ID #32710: Error Event Submitted/Written: 08/05/2007 04:29:21 PM Event Source: Service Control Manager Event Description: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 Event ID #32707: Error Event Submitted/Written: 08/05/2007 04:29:21 PM Event Source: Service Control Manager Event Description: Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe: %%126 -- End of Deckard's System Scanner: finished at 2007-08-05 at 16:41:33 ---------
And indeed, removing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = did not succeed. F-Secure complained about a program being taken over; I closed the internet connection, F-Secure and the running programs and tried again, but it didn't help. Every time I scanned again, it found that entry.
Wrong post. I ended up sending those logs three times. These two can be deleted. I couldn't find anything but the edit option myself...
Stay clean
-> Clear System Restore: Instructions. Clear the System Restore folder and create a new restore point. This cleans any malware remnants out of the restore folder.
-> Use CCleaner -> CCleaner. Download and install CCleaner. Clean temporary files and folders with it regularly.
-> Install SpywareBlaster -> SpywareBlaster. SpywareBlaster prevents malware from installing on your computer. Uses no memory! A guide is available in Finnish! Guide by the user Ad-Aware
-> Install the MVPS Hosts file -> MVPS Hosts. Blocks your computer from connecting to malicious sites. A guide is available in Finnish! Guide by the user Axel
-> Switch your browser to Firefox -> Firefox. Firefox is a faster, safer and better browser than Internet Explorer.
-> Keep your system up to date. -> Windows Update. Visit Windows Update regularly.
-> Keep your firewall and antivirus up to date. Update your antivirus program and scan your computer with it regularly. eScan is also good: http://koti.mbnet.fi/pattaya1/escanmwav.htm
-> Keep your software up to date. -> Secunia Software Inspector. Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, whereas a thorough one (thorough system inspection) can take several minutes.
-> Regularly follow the Finnish Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI
If you run into malware problems in the future, don't hesitate to post a HijackThis log for checking!
Okay then. It hasn't complained anymore. Thanks for the help! I would never have managed to remove those myself, except maybe by formatting. By the way, where have you all "studied" all of this about these computers and programs? A bit off-topic :S