kimez
Suspended due to non-functional email address
|
7 August 2007 @ 10:01 |
|
The computer slows down from time to time; could it be because of too many installed programs? But if someone could check this anyway...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:17, on 7.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA3ED73B-1942-4C92-B571-0EFC7A42B634}: NameServer = 192.168.254.254,192.168.254.255
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
--
End of file - 7405 bytes
|
Auttaja
Suspended permanently
|
7 August 2007 @ 15:01 |
|
Open HijackThis, check the following line(s) and press Fix checked; close other programs while you do this.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
Here are instructions on how to check the entries:

==========
Check your computer with the F-Secure online scanner
Note: the scanner only works in the Internet Explorer browser
* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install
* Click Accept
* Click Custom Scan
* Adjust the settings as follows
o Under "Virus Scan Option", select Scan whole system
o Under "Other Scan Option", select Scan All Files
o Select Scan whole system for rootkits
o Select Scan whole system for spyware
o Tick Scan inside archives
o Make sure Use advanced heuristics is selected
* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan has finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the entire text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report to your thread
==========
An excellent guide to speeding up your computer
http://neko.1g.fi/ohje/hidastelua.html
==========
If you do not have this Java version (6.2): an old Java easily gets your computer infected!
Updating Java and clearing the cache:
1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
They should have the following icon next to them: 
3. Select all your previous Java versions and choose Remove.
4. Install the latest Java update from the following link..
5. Restart the computer after the installation:
http://java.sun.com/javase/downloads/index.jsp
or http://www.filehippo.com/download_java_runtime/
Scroll down to Java Runtime Environment (JRE) 6u2
Click Download
Tick Accept, choose the offline installation, save it e.g. to the desktop and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button.
(Some Java-based programs may need more disk space.
If you notice the computer being slow after lowering the setting, move the slider to a larger value).
8. Make sure both options are ticked:
*Applications and Applets
*Trace and Log Files
And press the OK button
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.
==========
Download Deckard's System Scanner to your Desktop.
Note: You must have Administrator rights to run the program.
* Close all open windows and programs.
* Double-click the Dss.exe file to run the program and follow the instructions.
* When the scan is finished, 2 text files should open, Main.txt and extra.txt
* Press Copy ( CTRL+A -> CTRL + C ) and Paste ( CTRL + V )
* Copy and paste the contents of Extra.txt & Main.txt into your next reply.
Also the F-Secure report
|
kimez
Suspended due to non-functional email address
|
8 August 2007 @ 08:30 |
|
I had forgotten to update the old Java; here are the F-Secure and Deckard's logs.
Scanning Report
Tuesday, August 07, 2007 19:52:18 - 01:26:27
Computer name: EXPERIENCE
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\
Result: 0 malware found
Statistics
Scanned:
* Files: 233477
* System: 4986
* Not scanned: 88
Actions:
* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0
Files not scanned:
* …T AUTHORITY\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE.NT AUTHORITY\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE.NT AUTHORITY\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE.NT AUTHORITY\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XMJ2OT02.DEFAULT\CACHE\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XMJ2OT02.DEFAULT\CACHE\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XMJ2OT02.DEFAULT\CACHE\_CACHE_003_
* C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.reg
* C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip\sbRecovery.reg
* C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.reg
* C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled1.zip\sbRecovery.reg
* C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled2.zip\sbRecovery.reg
* C:\Documents and Settings\All Users.WI…
Options
Scanning engines:
* F-Secure Libra: 2.4.2, 2007-08-07
* F-Secure AVP: 7.0.171, 2007-08-07
* F-Secure Orion: 1.2.37, 2007-08-07
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0260-23-12
* F-Secure Pegasus: 1.19.0, 2007-07-05
Scanning options:
* Scan all files
* Scan inside archives
* Use Advanced heuristics
Deckard's System Scanner v20070807.62
Run by Administrator on 2007-08-08 at 11:49:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2007-08-08 08:49:06 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:37, on 8.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Administrator.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [BoostSpeed] "C:\Program Files\AusLogics BoostSpeed\boostspeed.exe" /Q
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA3ED73B-1942-4C92-B571-0EFC7A42B634}: NameServer = 192.168.254.254,192.168.254.255
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
--
End of file - 7463 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\Trend Micro\HijackThis\backups\) ------
backup-20070807-194130-522 O1 - Hosts: 66.98.148.65 auto.search.msn.com
backup-20070807-194130-793 O1 - Hosts: 66.98.148.65 auto.search.msn.es
backup-20070807-194130-900 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070807-194130-982 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - unable to read value
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys PowerISO Computing, Inc.; scdemu>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys
S3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
S3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys
S3 PPJoyBus (Parallel Port Joystick Bus device driver) - c:\windows\system32\drivers\ppjoybus.sys
S3 PPortJoystick (Parallel Port Joystick device driver) - c:\windows\system32\drivers\pportjoy.sys
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe"
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe"
S2 AVP (Active Virus Shield) - "c:\program files\aol\active virus shield\avp.exe" -r (file missing)
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini"
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&23C0B1C&0&10F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&23C0B1C&0&10F0
Service: RTL8023xp
Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&559926A&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&559926A&0&0
Service: flpydisk
-- Scheduled Tasks -------------------------------------------------------------
2007-08-08 11:30:00 256 --a------ C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
2007-08-08 04:00:00 304 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2007-08-07 20:01:13 426 --a------ C:\WINDOWS\Tasks\AwcProUpdate.job
2007-08-07 16:30:06 414 --a------ C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job
2007-08-07 07:49:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-03 17:15:00 406 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2007-07-08 and 2007-08-08 -----------------------------
2007-08-08 11:35:42 0 d--hs---- C:\Documents and Settings\Administrator\Recent
2007-08-07 19:52:22 468768 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-07 19:52:22 684576 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-07 18:50:17 0 d-------- C:\Program Files\Registry Clean Expert
2007-08-07 17:48:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2007-08-07 14:37:11 0 d-------- C:\Program Files\AusLogics BoostSpeed
2007-08-07 13:28:12 0 d-------- C:\Program Files\Trend Micro
2007-08-07 13:20:57 0 d-------- C:\hijackthis_v2.0.2
2007-08-01 07:02:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\ACAMPREF
2007-08-01 07:02:27 0 d-------- C:\Awale
2007-07-29 07:23:18 0 d-------- C:\Program Files\QuickTime
2007-07-29 06:04:46 69632 --a------ C:\WINDOWS\system32\xmltok.dll
2007-07-29 06:04:46 36864 --a------ C:\WINDOWS\system32\xmlparse.dll
2007-07-29 06:04:46 0 d-------- C:\Program Files\Ubisoft
2007-07-28 09:27:46 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-07-28 09:22:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2007-07-28 09:19:59 0 d-------- C:\Program Files\Comodo
2007-07-26 23:07:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-07-26 23:06:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-07-23 22:41:09 0 d-------- C:\Program Files\CheckerBoard
2007-07-23 17:56:25 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-07-19 03:06:10 27028 --a------ C:\WINDOWS\system32\tcpipbak.reg
2007-07-19 03:05:59 32768 --a------ C:\WINDOWS\system32\ServiceRepair.exe
2007-07-19 03:05:58 300 --a------ C:\WINDOWS\totals.reg
2007-07-19 03:05:58 53248 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-07-19 03:05:58 492 --a------ C:\WINDOWS\system32\outfix.reg
2007-07-19 03:05:58 674 --a------ C:\WINDOWS\ie-ads-uninst.reg
2007-07-19 03:05:57 6984234 --a------ C:\WINDOWS\ie-ads.reg
2007-07-19 03:05:52 0 d-------- C:\Program Files\XP Smoker
2007-07-11 19:53:04 0 d-------- C:\Program Files\ElastoMania111
2007-07-11 07:41:10 0 d-------- C:\Program Files\EasyAlarm
2007-07-11 07:41:01 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-07-08 16:19:23 0 d-------- C:\Program Files\TVAnts
2007-07-08 15:06:33 0 d-------- C:\ppmaterecord
2007-07-08 15:05:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\PPMate
2007-07-08 15:05:05 0 d-------- C:\Program Files\Common Files\Synacast
2007-07-08 12:41:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\SopCast
2007-07-08 12:41:37 0 d-------- C:\Program Files\SopCast
-- Find3M Report ---------------------------------------------------------------
2007-08-08 11:34:17 0 d-------- C:\Program Files\Java
2007-08-07 19:24:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-08-07 19:15:14 0 d-------- C:\Program Files\VstPlugins
2007-08-07 19:15:14 0 d-------- C:\Program Files\Image-Line
2007-08-07 19:07:41 10 --a------ C:\WINDOWS\system32\deposit.dll
2007-08-07 18:45:25 1272 --a------ C:\WINDOWS\ImpTableL.bin
2007-08-07 12:55:51 0 d-------- C:\Program Files\SpywareBlaster
2007-08-06 20:00:08 10047 --a------ C:\WINDOWS\msvrc20.dll
2007-08-05 06:16:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-08-03 22:27:04 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-08-03 22:12:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2007-08-03 21:35:01 0 d-------- C:\Program Files\Skype
2007-08-03 21:34:47 0 d-------- C:\Program Files\Common Files\Skype
2007-07-30 06:03:24 0 d-------- C:\Program Files\Subdownloader
2007-07-29 11:10:52 0 d-------- C:\Program Files\Project64 1.6
2007-07-29 07:57:02 0 d-------- C:\Program Files\Opera
2007-07-28 08:51:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\ppstream
2007-07-22 23:58:44 3561 --a------ C:\WINDOWS\wmplayer.reg
2007-07-22 23:51:08 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-18 19:23:10 884 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-08 16:08:48 0 d-------- C:\Program Files\MSN Messenger
2007-07-08 15:05:05 0 d-------- C:\Program Files\Common Files
2007-07-08 14:56:54 0 d-------- C:\Program Files\TVUPlayer
2007-07-07 14:48:22 0 d-------- C:\Program Files\AviSynth 2.5
2007-07-07 03:31:35 549 --a------ C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
2007-07-07 02:34:46 0 d-------- C:\Program Files\AC3Filter1
2007-07-07 02:32:26 0 d-------- C:\Program Files\AC3Filter
2007-07-07 02:27:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
2007-07-07 02:26:52 0 d-------- C:\Program Files\ffdshow
2007-07-05 21:48:54 0 d-------- C:\Program Files\Gabest
2007-07-05 21:00:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2007-07-04 19:56:09 0 d-------- C:\Program Files\subrip
2007-07-04 16:10:44 2775 --a------ C:\WINDOWS\mozver.dat
2007-07-04 16:01:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-07-01 18:59:20 0 d-------- C:\Program Files\Joost
2007-07-01 18:32:31 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll Sony DADC Austria AG.; >
2007-07-01 04:12:57 0 d-------- C:\Program Files\ASIO4ALL v2
2007-07-01 03:41:20 0 d-------- C:\Program Files\Mgtweak
2007-07-01 03:39:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-01 03:29:19 0 d-------- C:\Program Files\Innovative Solutions
2007-06-29 06:57:11 0 d-------- C:\Program Files\Azureus
2007-06-29 00:43:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-28 03:00:47 0 d-------- C:\Program Files\Kaspersky Lab
2007-06-28 02:54:44 0 d-------- C:\Program Files\Winamp
2007-06-28 02:31:53 0 d-------- C:\Program Files\CCleaner
2007-06-28 01:59:39 0 d-------- C:\Program Files\HDD Regenerator
2007-06-28 01:29:27 0 d-------- C:\Program Files\EvilLyrics
2007-06-27 03:17:31 0 d-------- C:\Program Files\IMMonitor
2007-06-26 12:52:24 0 d-------- C:\Program Files\Sunbelt Software
2007-06-26 12:33:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Audacity
2007-06-26 12:31:11 0 d-------- C:\Program Files\TetriNet2
2007-06-26 12:30:49 0 d-------- C:\Program Files\Windows Live Toolbar
2007-06-26 12:28:50 0 d-------- C:\Program Files\Net Tools
2007-06-26 06:50:56 512 --a------ C:\ScanSectorLog.dat
2007-06-25 03:24:27 56248 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-06-24 17:05:33 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-19 20:34:49 0 d-------- C:\Program Files\DVDIdle Pro
2007-06-15 11:41:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-14 01:46:03 151 --a------ C:\WINDOWS\temp.bat
2007-06-14 01:45:09 0 d-------- C:\Program Files\Lavasoft
2007-06-13 22:22:42 0 d-------- C:\Program Files\OpenAL
2007-06-13 22:20:17 0 d-------- C:\Program Files\WMV9_VCM
2007-06-13 17:58:19 0 d-------- C:\Program Files\Quintessential Media Player
2007-06-13 17:56:12 0 d-------- C:\Program Files\uTorrent
2007-06-13 17:51:32 0 d-------- C:\Program Files\J River
2007-06-12 02:07:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-06-12 02:04:52 0 d-------- C:\Program Files\Apple Software Update
2007-06-11 17:54:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Joost
2007-06-11 15:11:56 0 d-------- C:\Program Files\WinPcap
2007-06-09 21:58:16 0 d-------- C:\Program Files\PKR
2007-06-07 04:00:48 931 --a------ C:\Documents and Settings\Administrator\Application Data\enigmarc.lua2
2007-06-03 14:31:28 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-30 01:39:41 335 --a------ C:\WINDOWS\mozregistry.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [23.07.2007 17:55]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 12:25]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [28.07.2007 09:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29.06.2007 00:43]
"nwiz"="nwiz.exe" [29.06.2007 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [29.06.2007 00:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [01.10.2006 15:00]
"RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [25.07.2007 05:01]
"BoostSpeed"="C:\Program Files\AusLogics BoostSpeed\boostspeed.exe" [02.08.2007 10:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"HideClock"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartMenuPinnedList"=0 (0x0)
"StartmenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinters"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoClose"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
-- Hosts -----------------------------------------------------------------------
127.0.0.1 localhost
127.0.0.1 .impresionesweb.com
127.0.0.1 .banners.publipagos.com
127.0.0.1 .publipagos.com
127.0.0.1 v3.publipagos.com
127.0.0.1 red.as-eu.falkag.net
127.0.0.1 .googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 pagead1.googlesyndication.com
127.0.0.1 morannon.fok.nl
14787 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-08-08 at 11:51:25 ---------
Deckard's System Scanner v20070807.62
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(R) CPU 2.66GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1023.36 MiB / 663.03 MiB
Pagefile Memory (total/avail): 3925.57 MiB / 3679.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966.48 MiB
C: is Fixed (NTFS) - 37.26 GiB total, 16.39 GiB free.
D: is Fixed (NTFS) - 87.88 GiB total, 10.13 GiB free.
E: is Fixed (NTFS) - 64.77 GiB total, 9.5 GiB free.
G: is CDROM (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FirewallOverride is set.
FW: COMODO Firewall Pro v2.3.035 (COMODO) Disabled
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\(uTorrent)\\utorrent.exe"="C:\\Program Files\\(uTorrent)\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:utorrent"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPMate\\ppmnet.exe"="C:\\Program Files\\PPMate\\ppmnet.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUSEE"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EXPERIENCE
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\EXPERIENCE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PROGRAM FILES\BITVISE TUNNELIER;C:\PROGRAM FILES\COMMON FILES\ADOBE\AGL;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=EXPERIENCE
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AbsoluteShield File Shredder --> "C:\Program Files\SysShield Tools\File Shredder\unins000.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter1\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /X{46AC899A-9ECB-43DC-85DE-272E0D116A1E}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE C:\WINDOWS\system32\Macromed\Shockwave 10\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Advanced WindowsCare 2.51 Professional --> "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\unins000.exe"
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
AusLogics BoostSpeed --> "C:\Program Files\AusLogics BoostSpeed\unins000.exe"
Awale --> C:\Awale\Uninstal\Uninstal.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
biohazard 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}\install.exe" -l0x9 -removeonly
BSPlayer --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
C-Media High Definition Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CheckerBoard 1.64 --> "C:\Program Files\CheckerBoard\unins000.exe"
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
Dance eJay 7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A18BB607-BC5A-474E-88FD-C215B91A0F97}\setup.exe" -l0x9 -removeonly
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dolphin 1.3 beta --> C:\Program Files\Dolphin\uninst.exe
EasyAlarm Versio 0.9 Beta --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\EasyAlarm\ST6UNST.LOG"
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
Elasto Mania --> C:\PROGRA~1\ElastoMania111\UNWISE.EXE C:\PROGRA~1\ElastoMania111\INSTALL.LOG
Enigma --> "C:\Program Files\Enigma\uninstall.exe"
Evil days of Luckless John --> D:\Pelit\Evil Days of Luckless John\uninstall.exe
FaceGen Modeller 3.1 --> MsiExec.exe /I{332B1B33-D0EE-4A0A-AB2F-12BF56BCE1C3}
Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l2057
ffdshow [rev 1324] [2007-07-01] --> "C:\Program Files\ffdshow\unins000.exe"
FireTune --> C:\WINDOWS\iun6002.exe "C:\Program Files\FireTune\irunin.ini"
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Frets On Fire --> "e:\Pelit\Frets on Fire 1.2.432\Uninstall.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HCC Lite --> C:\PROGRA~1\HCCLIT~1\UNWISE.EXE C:\PROGRA~1\HCCLIT~1\INSTALL.LOG
HDD Regenerator --> MsiExec.exe /X{9064B17E-9FC9-439D-A4A0-668EC6AAFDEC}
Heavyweight Thunder --> C:\WINDOWS\unvise32.exe d:\Pelit\Heavyweight Thunder\uninstal.log
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
iColorFolder --> C:\Program Files\iColorFolder\uninstall.exe
Icy Tower v1.3.1 --> "c:\games\icytower1.3\unins000.exe"
Intel A/V Codecs V2.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
IZArc 3.7 --> "C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Anti-Virus 7.0 Beta --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
LWJGL Demo [examples.spaceinvaders.Game] --> C:\WINDOWS\system32\javaws.exe -uninstall "http://lwjgl.org/jnlp/lwjgl-demo.php/examples.spaceinvaders.Game"
LWJGL Demo [test.input.TestControllers] --> C:\WINDOWS\system32\javaws.exe -uninstall "http://lwjgl.org/jnlp/lwjgl-demo.php/test.input.TestControllers"
MailFrontier Desktop --> C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\UNWISE.EXE C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\INSTMLF.LOG
md5summer --> MsiExec.exe /I{F915EA2E-7CA2-42AD-8EE2-92CD95A033CF}
Media Jukebox 8.0 --> C:\WINDOWS\system32\MJUninstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0015-040B-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0016-040B-0000-0000000FF1CE}
Microsoft Office Groove MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-00BA-040B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0044-040B-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-00A1-040B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-001A-040B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0018-040B-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007 --> MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007 --> MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Finnish) 2007 --> MsiExec.exe /X{90120000-002C-040B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0019-040B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-006E-040B-0000-0000000FF1CE}
Microsoft Office Word MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-001B-040B-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG2 Codec(libmpeg2/mad) --> "C:\Program Files\GNU\MPEG2\Uninstall.exe"
Nero 7 Ultra Edition BASIC --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444445167}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\openalweax.exe" /U /S
Opera 9.22 --> MsiExec.exe /X{AF708E87-ACA2-42FC-AF41-B50226F4C787}
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
PKR --> "C:\Program Files\PKR\uninstall-pkr.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Registry Clean Expert --> "C:\Program Files\Registry Clean Expert\unins000.exe"
Sandlot Games Client Services 1.2.2 --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
SiSoftware Sandra Professional Home XI.SP1a (Win64/32/CE) --> "C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\unins000.exe"
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Stream TV --> MsiExec.exe /I{FDB750D5-E068-4D13-A506-58E910EFF332}
SubDownloader --> "C:\Program Files\Subdownloader\uninstall.exe"
Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Summer Bound 1.0 --> "C:\Program Files\SummerBound\unins000.exe"
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
Time Adjuster STANDARD 3.1 --> "C:\Program Files\TimeAdjuster\Uninstall.exe"
TrackMania United 0.2.0.0 --> "d:\Pelit\TrackMania United\unins000.exe"
TVUPlayer 2.3.2.19 --> C:\Program Files\TVUPlayer\uninst.exe
UltraISO Premium V8.2 --> "C:\Program Files\UltraISO\unins000.exe"
Uniblue Registry Booster --> "C:\Program Files\Uniblue\Registry Booster\unins000.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 3.1 beta3 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
VisualRoute --> "C:\Program Files\VisualRoute\Uninstall.exe" "C:\Program Files\VisualRoute"
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
XP Smoker Pro 5.3 --> "C:\Program Files\XP Smoker\unins000.exe"
-- Application Event Log -------------------------------------------------------
Event ID #2654: Error
Event Submitted/Written: 08/07/2007 05:25:43 PM
Event Source: Application Error
Event Description:
Faulting application cpf.exe, version 2.4.0.58, faulting module cpf.exe, version 2.4.0.58, fault address 0x00005fe1.
Processing media-specific event for [cpf.exe!ws!]
Event ID #2648: Error
Event Submitted/Written: 08/05/2007 04:01:55 PM
Event Source: Application Error
Event Description:
Faulting application livef1.exe, version 1.0.0.0, faulting module msvbvm60.dll, version 6.0.97.82, fault address 0x00046176.
Processing media-specific event for [livef1.exe!ws!]
Event ID #2639: Error
Event Submitted/Written: 08/05/2007 08:13:03 AM
Event Source: PDEngine
Event Description:
Unable to move file C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u3ayxyxv.default\sessionstore.js after many attempts. Skipping file.
Event ID #2638: Error
Event Submitted/Written: 08/05/2007 08:09:31 AM
Event Source: PDEngine
Event Description:
Unable to move file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb after many attempts. Skipping file.
Event ID #2635: Error
Event Submitted/Written: 08/05/2007 04:23:50 AM
Event Source: Application Error
Event Description:
Faulting application subtitleworkshop.exe, version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a7b.
Processing media-specific event for [subtitleworkshop.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event ID #10550: Error
Event Submitted/Written: 08/08/2007 11:40:15 AM
Event Source: DCOM
Event Description:
The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register with DCOM within the required timeout.
Event ID #10546: Warning
Event Submitted/Written: 08/08/2007 09:05:41 AM
Event Source: W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event ID #10545: Error
Event Submitted/Written: 08/08/2007 00:29:34 AM
Event Source: F-Secure Standalone Minifilter
Event Description:
\Device\HarddiskVolume1\Pr...cpfu
Event ID #10544: Error
Event Submitted/Written: 08/08/2007 00:23:32 AM
Event Source: F-Secure Standalone Minifilter
Event Description:
\Device\HarddiskVolume1...ssionst
Event ID #10543: Error
Event Submitted/Written: 08/08/2007 00:19:26 AM
Event Source: F-Secure Standalone Minifilter
Event Description:
\Device\HarddiskVolume1...ssionst
-- End of Deckard's System Scanner: finished at 2007-08-08 at 11:51:25 ---------
|
|
Auttaja
Suspended permanently
|
8 August 2007 @ 09:05 |
Link to this post
|
Stay clean
-> Clear System Restore -> Instructions
Empty the System Restore folder and create a new restore point. This clears any malware remnants from the restore folder.
-> Use CCleaner -> CCleaner
Download and install CCleaner. Use it regularly to clean out temporary files and folders.
-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing on your computer. Uses no memory!
A guide is available in Finnish! Guide by user Ad-Aware
-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your computer from connecting to harmful sites.
A guide is available in Finnish! Guide by user Axel
-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.
-> Keep your system up to date. -> Windows Update
Visit Windows Update regularly.
-> Keep your firewall and antivirus up to date
Update your antivirus program and scan your computer with it regularly.
eScan is also good: http://koti.mbnet.fi/pattaya1/escanmwav.htm
-> Keep your software up to date. -> Secunia Software Inspector
Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.
-> Regularly follow the Finnish Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI
If you run into malware problems in the future, don't hesitate to post a HijackThis log for checking!
|
|