Computer is stuttering, HJT log
rosemoo
Junior Member
8 August 2007 @ 18:53
The computer stutters pretty badly at times, but here is the famous HJT log if someone would like to help :) thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 22:49:26, on 8.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Documents and Settings\irwin\Omat tiedostot\okl\Kaikenlaista\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\YOUR-05E275D928\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.detoate.home.ro
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.detoate.home.ro/MAIN.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.detoate.home.ro/MAIN.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://detoate.home.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\irwin\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Program Files\BitComet\Downloads\crack\svchost.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [User Themes] C:\Program Files\Common Files\Microsoft Shared\DAO\YOUR-05E275D928\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Auttaja
Suspended permanently
8 August 2007 @ 19:10
Check your computer with F-Secure's online scanner

Note: the scanner works only in the Internet Explorer browser

* Read the instructions on the page carefully
* Click Start scanning
* If you get an Internet Explorer security warning, click Install (Asenna)
* Click Accept
* Click Custom Scan
* Adjust the settings as follows

o Under "Virus Scan Option", select Scan whole system
o Under "Other Scan Option", select Scan All Files
o Select Scan whole system for rootkits
o Select Scan whole system for spyware
o Tick Scan inside archives
o Make sure Use advanced heuristics is selected

* Click Start
* The scan starts once the required files/updates have been downloaded
* Wait patiently
* When the scan is finished, click Automatic cleaning
* Click Show Report
* The report opens in the browser; copy the whole text
* Paste the copied text into e.g. Notepad or Word and save it to the desktop
* You can close the scanner
* Post the report to your thread

========

1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

==========

there's something there :)

Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude against malware fighters)
rosemoo
Junior Member
9 August 2007 @ 22:54
here is the online scanner log:

Scanning Report
Thursday, August 09, 2007 20:31:27 - 02:00:55

Computer name: YOUR-05E275D928
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 32 malware found
Swizzor.GN (virus)
C:\NoLopBackups\Idle64.0xe.014.0nfected (Submitted)
Swizzor.GP (virus)
C:\NoLopBackups\Antemore.exe.04.infected (Submitted)
Swizzor.GZ (virus)
C:\NoLopBackups\Bore 01.exe.06.infected (Submitted)
C:\NoLopBackups\Sizedumb.exe.022.infected (Submitted)
C:\NoLopBackups\Winonline.exe.025.infected (Submitted)
C:\Documents and Settings\Timo\Application Data\DriveSaveSupport\eajlclqz.exe (Submitted)
C:\Documents and Settings\Timo\Application Data\DriveSaveSupport\gwbtqmqh.exe (Submitted)
C:\Documents and Settings\Timo\Application Data\DriveSaveSupport\oradufcg.exe (Submitted)
Swizzor.JG (virus)
C:\NoLopBackups\Activehole.exe.03.infected (Submitted)
Swizzor.gen (virus)
C:\NoLopBackups\01platform.exe.01.infected (Submitted)
C:\NoLopBackups\Bold Help.exe.05.infected (Submitted)
C:\NoLopBackups\Loud Debug.exe.016.infected (Submitted)
C:\NoLopBackups\Mapibib.exe.017.infected (Submitted)
C:\NoLopBackups\Soft Trust.exe.023.infected (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
Trojan-Downloader.Win32.Swizzor.de (virus)
C:\NoLopBackups\1632.0xe.02.0nfected (Submitted)
C:\NoLopBackups\Copymail.0xe.08.0nfected (Submitted)
C:\NoLopBackups\Default First.0xe.010.0nfected (Submitted)
C:\NoLopBackups\Eqdale.0xe.011.0nfected (Submitted)
C:\NoLopBackups\Hole Math.0xe.013.0nfected (Submitted)
C:\NoLopBackups\Iso Web.0xe.015.0nfected (Submitted)
C:\NoLopBackups\Memo Bits.0xe.018.0nfected (Submitted)
C:\NoLopBackups\Mess Stupid.0xe.019.0nfected (Submitted)
C:\NoLopBackups\Viewhelp.0xe.024.0nfected (Submitted)
Trojan.Win32.EliteBar.a (virus)
C:\Documents and Settings\LKP\Local Settings\Temp\131962_396_1940_5500_63.41.0mp1 (Submitted)
C:\Documents and Settings\LKP\Local Settings\Temp\2491000_396_1940_4192_63.41.0mp1 (Submitted)
C:\Documents and Settings\LKP\Local Settings\Temp\2752766_396_1940_5996_63.41.0mp1 (Submitted)
C:\Documents and Settings\LKP\Local Settings\Temp\524532_396_1940_424_63.41.0mp1 (Submitted)
C:\Documents and Settings\LKP\Local Settings\Temp\655686_396_1940_352_63.41.0mp1 (Submitted)
W32/Hupigon.UKZ (virus)
C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1006\Dc15\HOODLUM\HLM-INTR.EXE (Submitted)
W32/Zlob.ADXB (virus)
C:\Program Files\Logitech\G-series Software\SDK\LCDSDK_1.02.218.zip\Tools\VLCDCtrl.exe
C:\Program Files\Logitech\G-series Software\SDK\Tools\VLCDCtrl.exe (Submitted)
Statistics
Scanned:
Files: 464640
System: 8250
Not scanned: 507
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 31
Submitted: 30
Files not scanned:
?xxIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\PERFLIB_PERFDATA_B24.DAT
C:\WINDOWS\SYSTEM32\BIOS1.ROM
C:\WINDOWS\SYSTEM32\FXSTMP\FXS9E0.TMP
C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
C:\WINDOWS\INSTALLER\MSI281.TMP
bios1.rom
C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\DC1.WMA
C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\DC133.JPG
C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\DC190.JPG
C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\DC21.WMA
C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\DC6.WMA
C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\DC7.WMA
C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\DC77.ZIP
C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1006\DC1.EXE
C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1006\DC2.EXE
org/eclipse/jdt/internal/compiler/parser/parser21.rsc
root.img
C:\PROGRAM FILES\NERO\NERO 7\INCD\DMA.BIN
C:\PROGRAM FILES\NERO\NERO 7\INCD\GAA.BIN
C:\PROGRAM FILES\NERO\NERO 7\INCD\LGC.BIN
C:\PROGRAM FILES\F-SECURE\COMMON\ADMIN.PUB
C:\PROGRAM FILES\F-SECURE\COMMON\POLICY.IPF
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\CHANDIR.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\D0000000.FCS
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\L0000002.FCS
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\PRS.DAT
C:\PROGRAM FILES\F-SECURE\BACKWEB\7681197\USERS\DEFAULT\DATA\STORYDB.DAT
C:\PROGRAM FILES\DC++\INCOMPLETE\WALKING TALL.AVI.P55XWBB434XM4U63WGIEV5TBNOIFLIIJI7B4G5Q.DCTMP
C:\PROGRAM FILES\DC++\DOWNLOADS\JENS O - REASON (PAFFENDORF DJ RMX).MP3
C:\PROGRAM FILES\DC++\DOWNLOADS\JENS O - REASON (PICCOS HOUSE REMIX).MP3
C:\DOWNLOADS\FEAR.RAR.BC!
C:\DOCUMENTS AND SETTINGS\TIMO\LOCAL SETTINGS\TEMP\~DF56CB.TMP
C:\DOCUMENTS AND SETTINGS\TIMO\LOCAL SETTINGS\TEMP\~DFAF1C.TMP
C:\DOCUMENTS AND SETTINGS\TIMO\LOCAL SETTINGS\TEMP\WAS5FA5.TMP\ELEMENTS\PLAYER\NORMAL\BUTTON-PL-NORMAL.PNG
C:\DOCUMENTS AND SETTINGS\TIMO\LOCAL SETTINGS\TEMP\WAS5FA5.TMP\ELEMENTS\PLAYER\NORMAL\BUTTON-PLAY-DOWNGLOW.PNG
C:\DOCUMENTS AND SETTINGS\TIMO\LOCAL SETTINGS\TEMP\WAS5FA5.TMP\ELEMENTS\PLAYER\NORMAL\BUTTON-PLAY-GLOW.PNG
C:\DOCUMENTS AND SETTINGS\TIMO\LOCAL SETTINGS\TEMP\WAS5FA5.TMP\ELEMENTS\PLAYER\NORMAL\BUTTON-PLAY-SUPERGLOW.PNG
C:\DOCUMENTS AND SETTINGS\TIMO\LOCAL SETTINGS\TEMP\WAS5FA5.TMP\ELEMENTS\PLAYER\NORMAL\BUTTON-PLAYPAUSE-DOWN.PNG
C:\DOCUMENTS AND SETTINGS\TIMO\LOCAL SETTINGS\TEMP\WAS5FA5.TMP\ELEMENTS\PLAYER\NORMAL\BUTTON-PLAYPAUSE-NORMAL.PNG
C:\DOCUMENTS AND SETTINGS\TIMO\APPLICATION DATA\LOCKTIME\NETLIMITER\HISTORY\APPHIST.DAT
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOCUMENTS AND SETTINGS\LKP\RECENT\MIE VAA.LNK
C:\DOCUMENTS AND SETTINGS\LKP\LOCAL SETTINGS\TEMP\BCG1EB.TMP
C:\DOCUMENTS AND SETTINGS\LKP\LOCAL SETTINGS\TEMP\BCG1EC.TMP
C:\DOCUMENTS AND SETTINGS\LKP\LOCAL SETTINGS\TEMP\BCG1ED.TMP
C:\DOCUMENTS AND SETTINGS\LKP\LOCAL SETTINGS\TEMP\BCG1F1.TMP
C:\DOCUMENTS AND SETTINGS\LKP\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_120.DAT
C:\DOCUMENTS AND SETTINGS\LKP\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_1?
Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-08-08
F-Secure AVP: 7.0.171, 2007-08-09
F-Secure Orion: 1.2.37, 2007-08-09
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 2007-07-23
F-Secure Pegasus: 1.19.0, 2007-07-05
Scanning options:
Scan all files
Scan inside archives
Use Advanced heuristics


and here is ComboFix:


ComboFix 07-08-09.3 - "irwin" 2007-08-10 2:32:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.462 [GMT 3:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{F48F7~1
C:\WINDOWS\system32\f3PSSavr.scr


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))


2007-08-10 02:23 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 12:52 d-------- C:\WINDOWS\system32\fi-fi
2007-08-09 12:47 d-------- C:\WINDOWS\network diagnostic
2007-08-09 12:46 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-06 02:23 d-------- C:\DOCUME~1\irwin\.sears
2007-08-03 03:14 d-------- C:\Downloads
2007-07-30 00:46 d-------- C:\Program Files\K-Lite Codec Pack
2007-07-29 15:12 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania United
2007-07-29 14:49 d-------- C:\Program Files\TrackMania United
2007-07-25 00:57 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
2007-07-24 12:55 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-07-24 12:38 d-------- C:\Program Files\Sierra
2007-07-15 16:18 d-------- C:\Program Files\Symbian OS Tools
2007-07-12 14:31 d-------- C:\Program Files\NetLimiter 2 Pro
2007-07-11 12:22 60,968 --a------ C:\WINDOWS\system32\wpfb_ati2dvag.dll
2007-07-11 12:20 d-------- C:\DOCUME~1\irwin\APPLIC~1\ATI
2007-07-11 12:07 d-------- C:\Program Files\Common Files\ATI Technologies
2007-07-11 12:02 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-07-11 12:02 d-------- C:\Program Files\ATI Technologies
2007-07-11 11:58 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-07-11 11:58 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2007-07-11 11:58 142,347 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-07-10 02:28 d-------- C:\DOCUME~1\irwin\APPLIC~1\Help


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-10 02:18 --------- d-------- C:\Program Files\DC++
2007-08-08 15:58 --------- d-------- C:\Program Files\BitComet
2007-08-03 03:14 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-07-31 20:32 77588 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-07-31 20:32 61752 --a------ C:\WINDOWS\system32\perfc040.dat
2007-07-31 20:32 378986 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-07-31 20:32 348776 --a------ C:\WINDOWS\system32\perfh040.dat
2007-07-29 18:47 --------- d-------- C:\Program Files\Winamp
2007-07-24 19:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-23 18:55 --------- d-------- C:\DOCUME~1\irwin\APPLIC~1\uTorrent
2007-07-23 00:39 --------- d-------- C:\Program Files\Opera
2007-07-19 15:06 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2007-07-17 03:06 6850048 --a------ C:\WINDOWS\system32\logonuiX.exe
2007-07-08 17:07 60968 --a------ C:\WINDOWS\system32\wpfb_nv4_disp.dll
2007-07-01 23:47 --------- d-------- C:\Program Files\B2BPOKER
2007-06-28 23:14 --------- d-------- C:\Program Files\Nokia
2007-06-28 23:14 --------- d-------- C:\Program Files\Common Files\Nokia
2007-06-28 22:49 --------- d-------- C:\DOCUME~1\irwin\APPLIC~1\PC Suite
2007-06-28 21:16 --------- d-------- C:\DOCUME~1\irwin\APPLIC~1\Nokia
2007-06-28 21:09 --------- d-------- C:\Program Files\DIFX
2007-06-28 21:07 --------- d-------- C:\Program Files\PC Connectivity Solution
2007-06-28 18:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-28 00:21 1200 --a------ C:\WINDOWS\ImpTableL.bin
2007-05-22 11:02 163840 --a------ C:\WINDOWS\system32\unrar.dll
2007-05-19 23:08 86016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-16 18:14 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:14 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:14 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:14 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:14 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-12 15:35 1056768 --a------ C:\WINDOWS\system32\FreeImage.dll
2007-05-12 15:19 53248 --a------ C:\WINDOWS\system32\zlib.dll
2007-05-12 15:19 53248 --a------ C:\WINDOWS\system32\sysdat.dll
2004-07-06 12:21 499712 -ra------ C:\Program Files\msvcp71.dll
2005-05-13 15:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 09:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 19:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 10:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 13:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 08:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 11:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-03 02:09]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-11-20 12:24]
"McAfee Guardian"="C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 01:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2005-09-07 15:33]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 15:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 15:14]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2005-09-19 09:30]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 11:53]
"Windows LSASS Service"="C:\Program Files\BitComet\Downloads\crack\svchost.exe" []
"PivotSoftware"="C:\Program Files\WinPortrait\wpctrl.exe" [2005-01-26 13:57]
"DT Task"="C:\Program Files\Portrait Displays\forteManager\DTHtml.exe" [2005-10-14 19:41]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12]
"User Themes"="C:\Program Files\Common Files\Microsoft Shared\DAO\YOUR-05E275D928\svchost.exe" [2007-06-27 14:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 01:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00]
"McAfee.InstantUpdate.Monitor"="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" []
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 16:15]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 12:06]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" []
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-07-19 10:28]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\irwin\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-07 22:54:49]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-11-01 18:41:07]

R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R0 Vax347b;Vax347b;C:\WINDOWS\system32\DRIVERS\Vax347b.sys
R0 Vax347s;Vax347s;C:\WINDOWS\system32\Drivers\Vax347s.sys
R1 KS0108;KS0108;\??\C:\Program Files\LcdStudio\ks0108.sys
R1 LC7981;LC7981;\??\C:\Program Files\LcdStudio\LC7981.sys
R1 n3900;n3900;\??\C:\Program Files\LcdStudio\n3900.sys
R1 nltdi;nltdi;\??\C:\WINDOWS\system32\drivers\nltdi.sys
R1 pivot;pivot;C:\WINDOWS\system32\drivers\pivot.sys
R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys
R1 SED133x;SED133x;\??\C:\Program Files\LcdStudio\SED133x.sys
R1 T6963C;T6963C;\??\C:\Program Files\LcdStudio\T6963c.sys
R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
R2 FSpm;F-Secure Policy Manager;\??\C:\Program Files\F-Secure\Common\FSPM.SYS
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys
R3 McAfeePF;McAfee Firewall Network Filter Miniport;C:\WINDOWS\system32\DRIVERS\fw220.sys
R3 Mtlmnt5;Mtlmnt5;C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
R3 PdiPorts;Portrait Displays low level device driver;C:\WINDOWS\system32\Drivers\PdiPorts.sys
R3 pivotmou;Pivot Mouse/Pointers Filter Driver;\??\C:\WINDOWS\system32\drivers\pivotmou.sys
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
R3 Slntamr;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\slntamr.sys
R3 SlWdmSup;SlWdmSup;C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
R3 UsbFltr;%SvcDisplayName%;C:\WINDOWS\system32\drivers\copperhd.sys
S0 RecAgent;RecAgent;C:\WINDOWS\system32\DRIVERS\RecAgent.sys
S2 AvSynMgr;AVSync Manager;"C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe"
S2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys
S3 Mtlstrm;Mtlstrm;C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 nmwcdcj;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 NtMtlFax;NtMtlFax;C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
S3 pdiddcci;DDC/CI monitor;C:\WINDOWS\system32\DRIVERS\pdiddcci.sys
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys
S3 SlNtHal;SlNtHal;C:\WINDOWS\system32\DRIVERS\Slnthal.sys
S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys


Contents of the 'Scheduled Tasks' folder
2007-08-09 20:01:00 C:\WINDOWS\Tasks\BitComet.job - C:\PROGRA~1\BitComet\BitComet.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 02:44:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38CBAF23-9577-5271-1F5D-6520ECCFC8BA}]
"ianhalenbejnnecpdn"=hex:69,61,6f,63,62,6e,6c,63,6b,69,6d,6a,6c,63,68,6b,70,6b,00,00
"hahhgbhnahghfegk"=hex:69,61,6f,63,62,6e,6c,63,6b,69,6d,6a,6c,63,68,6b,70,6b,00,00

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-10 2:48:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 02:48
C:\ComboFix2.txt ... 2006-10-19 17:27
C:\ComboFix3.txt ... 2006-10-19 17:07

--- E O F ---

Auttaja
Suspended permanently
10 August 2007 @ 06:12
Open Notepad and copy/paste the text in the quote box below into it:

Quote:

Dirlook::
C:\Program Files\Common Files\Microsoft Shared\DAO\YOUR-05E275D928
C:\Program Files\Common Files\Microsoft Shared\DAO

Folder::
C:\Program Files\BitComet\Downloads\crack
C:\Program Files\Common Files\Microsoft Shared\DAO\YOUR-05E275D928
C:\NoLopBackups
C:\Documents and Settings\Timo\Application Data\DriveSaveSupport

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows LSASS Service"=-
"User Themes"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{38CBAF23-9577-5271-1F5D-6520ECCFC8BA}]


Save it as CFScript (check that it is written exactly like that)

Then drag CFScript onto ComboFix.exe as shown below.




Restart the computer when prompted and post the contents of the combofix.txt file here.

Don't send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5) / Instructions for sending a HijackThis log (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list

This message has been edited after posting. Last edited 10 August 2007 @ 08:17

rosemoo
Junior Member
11 August 2007 @ 14:28
I wonder what's wrong with this afterdawn page, since I can't post that log.. it just takes forever and nothing happens and then some error message comes up


This message has been edited after posting. Last edited 11 August 2007 @ 14:30

Auttaja
Suspended permanently
11 August 2007 @ 20:15
Hmm... Try again.. You can also try sending it to me by PM (private message).. or upload it somewhere on the net... :)

rosemoo
Junior Member
12 August 2007 @ 11:29
here's a link to the log http://fileho.com/download/ffa9d2162261/log.txt.html it has to be opened with Explorer :)

Auttaja
Suspended permanently
12 August 2007 @ 14:45
yep..

Download Deckard's System Scanner to your Desktop.

Note: You must have Administrator rights to run the program.

* Close all open windows and programs.
* Double-click the Dss.exe file to run the program, and follow the instructions.
* When the scan is finished, 2 text files should open, Main.txt and extra.txt
* Press copy (CTRL+A -> CTRL+C) and paste (CTRL+V)
* Copy and paste the contents of Extra.txt & Main.txt into your next reply.

rosemoo
Junior Member
12 August 2007 @ 16:50
Deckard's System Scanner v20070809.63
Run by irwin on 2007-08-12 at 20:36:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
73: 2007-08-12 17:36:10 UTC - RP576 - Deckard's System Scanner Restore Point
72: 2007-08-10 07:21:18 UTC - RP575 - ComboFix created restore point
71: 2007-08-09 23:32:27 UTC - RP574 - ComboFix created restore point
70: 2007-08-09 23:21:37 UTC - RP573 - Software Distribution Service 3.0
69: 2007-08-09 09:52:21 UTC - RP572 - Asennettiin Windows Internet Explorer 7.


-- First Restore Point --
1: 2007-05-25 19:51:49 UTC - RP504 - Poistettu Opera 9.10


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as irwin.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:37:51, on 12.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Documents and Settings\irwin\Omat tiedostot\okl\Kaikenlaista\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Documents and Settings\irwin\Työpöytä\dss.exe
C:\HJT\irwin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.detoate.home.ro/MAIN.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://detoate.home.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


-- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

backup-20060921-142428-533 R3 - URLSearchHook: (no name) - - (no file)
backup-20060921-142429-467 O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe
backup-20060921-142429-622 O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
backup-20060921-142429-657 O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
backup-20060921-142429-664 O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
backup-20060921-142429-734 O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
backup-20060921-142429-831 O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
backup-20060921-142429-842 O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
backup-20060921-142429-933 O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
backup-20060921-225517-313 O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
backup-20060921-225517-762 O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
backup-20061019-231506-192 O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
backup-20061019-231506-819 O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
backup-20061019-231506-840 O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
backup-20061019-231506-871 O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys
R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R1 KS0108 - c:\program files\lcdstudio\ks0108.sys
R1 LC7981 - c:\program files\lcdstudio\lc7981.sys
R1 n3900 - c:\program files\lcdstudio\n3900.sys
R1 pivot - c:\windows\system32\drivers\pivot.sys
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys
R1 SED133x - c:\program files\lcdstudio\sed133x.sys
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe
R1 T6963C - c:\program files\lcdstudio\t6963c.sys
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\f-secure\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure\anti-virus\win2k\fsrec.sys
R2 FSpm (F-Secure Policy Manager) - c:\program files\f-secure\common\fspm.sys
R3 PdiPorts (Portrait Displays low level device driver) - c:\windows\system32\drivers\pdiports.sys
R3 pivotmou (Pivot Mouse/Pointers Filter Driver) - c:\windows\system32\drivers\pivotmou.sys
R3 UsbFltr (%SvcDisplayName%) - c:\windows\system32\drivers\copperhd.sys USB Optical Mouse>

S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
S2 PavProc (Panda Process Protection Driver) - c:\windows\system32\drivers\pavproc.sys (file missing)
S3 BTCAMDRV (Mobiola Web Camera driver) - c:\windows\system32\drivers\btcamdrv.sys
S3 catchme - c:\docume~1\irwin\locals~1\temp\catchme.sys (file missing)
S3 pdiddcci (DDC/CI monitor) - c:\windows\system32\drivers\pdiddcci.sys
S3 Razerlow (Razer Copperhead Driver) - c:\windows\system32\drivers\razerlow.sys
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl8139.sys (file missing)
S3 uisp (Freescale USB JW32 driver) - c:\windows\system32\drivers\usbicp.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Asset Management Daemon - c:\program files\portrait displays\fortemanager\dtsslsrv.exe
R2 BackWeb Client - 7681197 (F-Secure BackWeb) - c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe
R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\portrait displays\fortemanager\dtsrvc.exe
R2 F-Secure Gatekeeper Handler Starter - "c:\program files\f-secure\anti-virus\fsgk32st.exe"
R2 FSMA (F-Secure Management Agent) - "c:\program files\f-secure\common\fsma32.exe"
R2 nlsvc (NetLimiter) - "c:\program files\netlimiter 2 pro\nlsvc.exe"
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe"
R3 F-Secure Network Request Broker - "c:\program files\f-secure\common\fnrb32.exe"
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" Nokia.; PC Connectivity Solution>

S2 AvSynMgr (AVSync Manager) - "c:\program files\mcafee\mcafee virusscan\avsynmgr.exe" (file missing)
S2 FSAA (F-Secure Authentication Agent) - "c:\program files\f-secure\common\fsaa.exe"
S3 F-Secure BackWeb LAN Access - "c:\program files\f-secure\backweb\7681197\program\fsbwlan.exe"
S4 McAfee Firewall - "c:\program files\mcafee\mcafee firewall\cpd.exe" /service (file missing)
S4 McShield - "c:\program files\common files\network associates\mcshield\mcshield.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97d-E325-11CE-BFC1-08002BE10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: d346bus

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0004
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0004
Service: d347bus

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N91
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2007-08-11 23:01:00 264 --a------ C:\WINDOWS\Tasks\BitComet.job


-- Files created between 2007-07-12 and 2007-08-12 -----------------------------

2007-08-09 12:52:35 0 d-------- C:\WINDOWS\system32\fi-fi
2007-08-09 12:47:36 0 d-------- C:\WINDOWS\network diagnostic
2007-08-06 02:23:14 0 d-------- C:\Documents and Settings\irwin\.sears
2007-08-03 03:14:26 0 d-------- C:\Downloads
2007-07-30 00:46:12 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-07-29 15:12:17 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania United
2007-07-29 14:49:14 0 d-------- C:\Program Files\TrackMania United
2007-07-25 00:57:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-07-24 12:55:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-07-24 12:38:12 0 d-------- C:\Program Files\Sierra
2007-07-15 16:18:34 0 d-------- C:\Program Files\Symbian OS Tools
2007-07-12 14:31:19 0 d-------- C:\Program Files\NetLimiter 2 Pro


-- Find3M Report ---------------------------------------------------------------

2007-08-12 16:14:17 0 d-------- C:\Program Files\DC++
2007-08-10 02:39:58 0 d-------- C:\Program Files\Common Files
2007-08-08 15:58:38 0 d-------- C:\Program Files\BitComet
2007-08-03 03:14:27 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-07-31 20:32:21 348776 --a------ C:\WINDOWS\system32\perfh040.dat
2007-07-31 20:32:21 378986 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-07-31 20:32:21 61752 --a------ C:\WINDOWS\system32\perfc040.dat
2007-07-31 20:32:21 77588 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-07-29 18:47:36 0 d-------- C:\Program Files\Winamp
2007-07-24 19:55:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-24 18:30:16 0 d-------- C:\Program Files\Java
2007-07-23 18:55:21 0 d-------- C:\Documents and Settings\irwin\Application Data\uTorrent
2007-07-23 00:39:56 0 d-------- C:\Program Files\Opera
2007-07-17 03:06:50 6850048 --a------ C:\WINDOWS\system32\logonuiX.exe
2007-07-11 12:22:54 60968 --a------ C:\WINDOWS\system32\wpfb_ati2dvag.dll
2007-07-11 12:20:35 0 d-------- C:\Documents and Settings\irwin\Application Data\ATI
2007-07-11 12:13:11 0 d-------- C:\Program Files\Common Files\ATI Technologies
2007-07-11 12:13:11 0 d-------- C:\Program Files\ATI Technologies
2007-07-10 02:28:10 0 d-------- C:\Documents and Settings\irwin\Application Data\Help
2007-07-08 17:07:55 60968 --a------ C:\WINDOWS\system32\wpfb_nv4_disp.dll
2007-07-01 23:47:39 0 d-------- C:\Program Files\B2BPOKER
2007-06-28 23:14:48 0 d-------- C:\Program Files\Common Files\Nokia
2007-06-28 23:14:47 0 d-------- C:\Program Files\Nokia
2007-06-28 22:49:00 0 d-------- C:\Documents and Settings\irwin\Application Data\PC Suite
2007-06-28 21:16:08 0 d-------- C:\Documents and Settings\irwin\Application Data\Nokia
2007-06-28 21:09:09 0 d-------- C:\Program Files\DIFX
2007-06-28 21:07:37 0 d-------- C:\Program Files\PC Connectivity Solution
2007-06-28 18:52:18 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-28 00:21:50 1200 --a------ C:\WINDOWS\ImpTableL.bin
2007-05-22 11:02:22 163840 --a------ C:\WINDOWS\system32\unrar.dll
2007-05-19 23:08:25 86016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-12 15:35:16 1056768 --a------ C:\WINDOWS\system32\FreeImage.dll
2007-05-12 15:19:05 53248 --a------ C:\WINDOWS\system32\zlib.dll
2007-05-12 15:19:05 53248 --a------ C:\WINDOWS\system32\sysdat.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03.06.2005 02:09]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [20.11.2006 12:24]
"McAfee Guardian"="C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [14.12.2004 18:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [14.12.2004 18:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [14.12.2004 18:51]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [03.09.2002 19:38]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09.11.2005 01:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 12:50]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [07.09.2005 15:33]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [26.04.2004 16:21]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [06.03.2006 15:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [06.03.2006 15:14]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [19.09.2005 09:30]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [25.11.2005 11:53]
"PivotSoftware"="C:\Program Files\WinPortrait\wpctrl.exe" [26.01.2005 13:57]
"DT Task"="C:\Program Files\Portrait Displays\forteManager\DTHtml.exe" [14.10.2005 19:41]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23.03.2007 13:20]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [25.09.2006 09:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [15.05.2007 01:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 15:00]
"McAfee.InstantUpdate.Monitor"="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" []
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [18.08.2005 16:15]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [19.01.2005 17:34]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [08.09.2005 12:06]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" []
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27.03.2007 15:58]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [19.07.2007 10:28]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\irwin\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7.10.2005 22:54:49]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.9.2005 23:05:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [1.11.2005 18:41:07]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-08-12 at 20:39:29 ---------







Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

CPU 0: Intel(R) Pentium(R) 4 CPU 2.93GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1023.36 MiB / 501.22 MiB
Pagefile Memory (total/avail): 2462.81 MiB / 1991.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1955.82 MiB

C: is Fixed (NTFS) - 186.31 GiB total, 33.23 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
M: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
FirewallOverride is set.

AV: F-Secure Anti-Virus 5.44 v5.44 (F-Secure Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\irwin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-05E275D928
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\irwin
LOGONSERVER=\\YOUR-05E275D928
MAGIC101=C:\MAGIC101
NewEnvironment1=C:\Program Files\ATI Technologies\ATI.ACE\
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution\;C:\MAGIC101\Bin;C:\Program Files\Series_60_Theme_Studio\S60_TS_2_0\bin;C:\Program Files\Series_60_Theme_Studio\S60_TS_2_0\jre\bin;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ESTsoft\ALZip\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\irwin\LOCALS~1\Temp
TMP=C:\DOCUME~1\irwin\LOCALS~1\Temp
USERDOMAIN=YOUR-05E275D928
USERNAME=irwin
USERPROFILE=C:\Documents and Settings\irwin
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Timo (admin)
Tiina
LKP (admin)
irwin (admin)
CS (admin)
Järjestelmänvalvoja.YOUR-05E275D928 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\BWUnin-6.1.4.58-7681197L.exe -AppId 7681197
--> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abacast Client --> C:\PROGRA~1\Abacast\UNWISE.EXE C:\PROGRA~1\Abacast\client.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040B.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.7 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70700000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
ALZip --> "C:\Program Files\ESTsoft\ALZip\unins000.exe"
AMIP (remove only) --> "C:\Program Files\Winamp\Plugins\amip_uninstall.exe"
ATI-ohjelmiston poisto-ohjelma --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{685755F8-C74B-4613-8137-C90AF458228D}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard --> MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
AVI/MPEG/ASF/WMV Splitter 2.31 --> "C:\Program Files\AVI MPEG ASF WMV Splitter\unins000.exe"
AVIcodec (remove only) --> "C:\Program Files\AVIcodec\uninst.exe"
AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
BitComet 0.91 --> C:\Program Files\BitComet\uninst.exe
BootSkin --> C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
C-Media High Definition Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
Carbide.ui S60 Theme Edition 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF5ECAF7-1810-4A9B-B4C4-6314B2D33E30}\setup.exe" -l0x9 -removeonly
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
ContentSAFER for Wizmax -->
Counter-Strike(TM) --> MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
coverXP (remove only) --> "C:\Program Files\coverXP\cxp-uninst.exe"
CursorXP --> C:\Program Files\CursorXP\CurXPUtil.exe -u
Dark Blue Messenger (remove only) --> C:\Program Files\MSN Messenger\uninstalldarkblue.exe
DC++ 0.699 --> "C:\Program Files\DC++\uninstall.exe"
DCf++ 7.0 --> "C:\Program Files\DCf++\unins000.exe"
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drag 'n drop from Playlist Editor v1.4.0.4 --> C:\Program Files\Winamp\Plugins\dl\uninst_gen_dragndrop.exe
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Easy GDR Creater For Series 60 --> "C:\Program Files\Easy GDR Creater For Series 60\uninstall.exe"
End It All --> C:\PROGRA~1\EndItAll\UNWISE.EXE C:\PROGRA~1\EndItAll\INSTALL.LOG
ewido anti-spyware 4.0 --> C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
eX-it 1.0.0 --> "C:\Program Files\eX-it\unins000.exe"
F-Secure Anti-Virus --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
F-Secure BackWeb --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure BackWeb"
F-Secure Management Agent --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
Flash Catcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C6B728E-31B1-48B3-99B5-6B6BB85BC896}\setup.exe"
forteManager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84288B51-B162-47FB-A74E-25C6D67E44BB}\setup.exe" -l0x9 -removeonly
gen_tbar (Winamp 2) --> "C:\Program Files\Winamp\Plugins\un_gen_tbar_2.exe"
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\Program Files\DC++\Downloads\HijackThis.exe /uninstall
Hopper (Messenger Plus! plug-in) --> C:\Program Files\MessengerPlus! 3\Plugins\Hopper_Uninstaller.exe
Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Icy Tower v1.3 --> "c:\games\icytower1.3\unins000.exe"
Ink --> MsiExec.exe /I{9FCB2876-554D-491D-A2CD-58F8252D6C64}
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.1_06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B2F032F-CC54-11D7-9D67-00010240CE95}\setup.exe" Anytext
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 3.3.0 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Labtec WebCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Labtec® Camera -ohjain --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Lame ACM MP3 Codec --> "C:\WINDOWS\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFUBD.inf
LcdStudio 2.0 build 655 --> MsiExec.exe /I{EF9C3C45-BDC0-48C5-B806-117279B5C551}
Logitech G-series Keyboard Software --> MsiExec.exe /X{5A080213-5AEC-4BF2-BB32-796EB0E421EC}
LogonStudio --> C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
LQfix 2.1 --> "C:\WINDOWS\LQfix\unins000.exe"
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee Firewall --> MsiExec.exe /I{4471FF45-62BD-11D6-B259-00C04FF4B435}
McAfee VirusScan Home Edition --> MsiExec.exe /I{E4DC62CE-5F95-11D6-B254-00C04FF4B435}
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9111040B-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 7.0 --> MsiExec.exe /I{323F6CCF-BBBA-41FB-AF39-62C4FE717CA4}
Ml_Icons 0.3 --> "C:\Program Files\Winamp\Ml_Icons-Uninstall.exe"
Mobile Ringtone Converter 2.3.19 --> "C:\Program Files\MRConverter\unins000.exe"
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Työkalupalkki --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\mtbs.exe c
Music NFO Builder 1.17 --> "C:\Program Files\Music NFO Builder\unins000.exe"
Nero 7 Ultra Edition --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NetLimiter 2 Pro (remove only) --> "C:\Program Files\NetLimiter 2 Pro\nl2uninst.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia Multimedia Factory --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BD72E64C-F0DB-40CB-846B-611C57D8AB0C} /l1035
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fin_web.exe /LANG="1035"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
Nokia Software Updater --> MsiExec.exe /X{F1C1272D-FEE6-4B24-862C-01F4959997E2}
Opera 9.22 --> MsiExec.exe /X{AF708E87-ACA2-42FC-AF41-B50226F4C787}
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
QuickTime Alternative 1.68 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Razer Copperhead --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28A946E1-E83B-4662-BC7C-23451851489E}\Setup.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remote S60 (remove only) --> "C:\Program Files\Remote S60\Uninstall.exe"
SamsungMediaStudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{289CA3B4-9525-4B31-B58F-D76B2B52EA5A}\Setup.exe" -l0x9
SISWare3.5 --> C:\Program Files\CequenzeTech\SISWare3.5\Uninstall.exe
Smart Link 56K Modem --> C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
SmartMovie Converter --> "C:\Program Files\Lonely Cat Games\SmartMovie Converter\IIUninst.exe" C:\Program Files\Lonely Cat Games\SmartMovie Converter\install.log
Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StuffPlug-NG (Messenger Plus! Plugins) --> C:\Program Files\MessengerPlus! 3\Plugins\StuffPlug-NG\Uninstall.exe
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
SUPER © Version 2006.19 (FIX) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Tagger v1.1b --> C:\Program Files\Winamp\Plugins\dl\uninst_gen_dl.exe
TrackMania United 0.2.0.0 --> "C:\Program Files\TrackMania United\unins000.exe"
Ultra Video Splitter 3.5.4 --> "C:\Program Files\Ultra Video Splitter\unins000.exe"
UltraMp3 Easy Skinner --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Lonely Cat Games\UltraMp3 Easy Skinner\DeIsL1.isu" -c"C:\Program Files\Lonely Cat Games\UltraMp3 Easy Skinner\_ISREG32.DLL"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Advanced Controls (remove only) --> "C:\Program Files\Winamp\plugins\AdvancedControls5Uninst.exe"
WindowFX --> C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\INSTALL.LOG
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windowsin ohjainpaketti - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
WinRAR-pakkausohjelma --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WMPlus 2 (remove only) --> "C:\Program Files\MessengerPlus! 3\Plugins\UnWMPlus2.exe"
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Volume Logic Plug-in for Winamp (remove only) --> "C:\Program Files\Winamp\uninst_vl.exe"


-- Application Event Log -------------------------------------------------------

Event ID #1664: Success
Event Submitted/Written: 08/12/2007 05:43:17 AM
Event Source: usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event ID #1653: Error
Event Submitted/Written: 08/12/2007 05:31:48 AM
Event Source: Application Hang
Event Description:
Lukkiutunut sovellus msnmsgr.exe, versio 8.1.178.0, lukkiutumismoduuli hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

Event ID #1634: Error
Event Submitted/Written: 08/10/2007 02:49:10 PM
Event Source: Application Hang
Event Description:
Lukkiutunut sovellus msnmsgr.exe, versio 8.1.178.0, lukkiutumismoduuli hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

Event ID #1633: Error
Event Submitted/Written: 08/10/2007 02:48:30 PM / 08/10/2007 02:48:31 PM
Event Source: Application Hang
Event Description:
Lukkiutunut sovellus winamp.exe, versio 5.3.5.1305, lukkiutumismoduuli hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

Event ID #1632: Error
Event Submitted/Written: 08/10/2007 02:48:05 PM
Event Source: Application Hang
Event Description:
Lukkiutunut sovellus DCPlusPlus.exe, versio 0.6.9.9, lukkiutumismoduuli hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #7655: Error
Event Submitted/Written: 08/12/2007 08:38:04 PM
Event Source: Service Control Manager
Event Description:
Palvelu SmartLinkService ilmoitti kelpaamattomasta nykyisestä tilasta 0.

Event ID #7654: Warning
Event Submitted/Written: 08/12/2007 07:16:58 PM
Event Source: W32Time
Event Description:
Aikapalvelu ei ole voinut synkronoida järjestelmän kelloa 49152 sekuntiin, koska
aikatoimittaja ei ole voinut toimittaa käytettävää aikaleimaa. Järjestelmän kelloa
ei ole synkronoitu.

Event ID #7653: Warning
Event Submitted/Written: 08/12/2007 03:49:04 PM
Event Source: Tcpip
Event Description:
TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Event ID #7652: Warning
Event Submitted/Written: 08/12/2007 03:04:07 PM
Event Source: Tcpip
Event Description:
TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Event ID #7648: Warning
Event Submitted/Written: 08/12/2007 06:32:49 AM
Event Source: Tcpip
Event Description:
TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.



-- End of Deckard's System Scanner: finished at 2007-08-12 at 20:39:29 ---------



Hujo
Suspended permanently
12 August 2007 @ 17:09
Remove via Add or Remove Programs

Java(TM) SE Runtime Environment 6 Update 1
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4


Can a computer ever work?

This message has been edited since posting. Last edited 12 August 2007 @ 17:13

Auttaja
Suspended permanently
12 August 2007 @ 17:12
Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your desktop.

Boot your computer into Safe Mode and choose your regular user account:

* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* A menu should appear next
* Choose Safe Mode from the menu.


* Create a folder C:\SDFix for the program and move it there
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans up the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than usual because SDFix is cleaning the computer.
* When the computer has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
* Then press any key to close the script and load the desktop icons.
* Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread

==========

Via the Control Panel's Add or Remove Programs

ewido anti-spyware 4.0 --> C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
Hopper (Messenger Plus! plug-in) --> C:\Program Files\MessengerPlus! 3\Plugins\Hopper_Uninstaller.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java 2 Runtime Environment, SE v1.4.1_06
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"

========

Here are instructions for ewido's successor.. then post the report from it

1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!

* Once you have downloaded the program, double-click the installer's icon on your desktop and the installation starts.
* After installation the program must be started and its definitions updated.

2. Start AVG Anti-Spyware.
* Click the "Update" icon in the main menu. Then click the "Update now" button.
* Then click the "Start Update" icon and the update begins.
* If the updates do not succeed right away, press "Start Update" again after a moment
* If the automatic update does not work for some reason, the definitions can be downloaded manually from http://www.ewido.net/en/download/updates/
* When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
* When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
* Then under the "Reports" menu:
* Tick "Automatically generate report after every scan"
* Untick "Only if threats were found"
* Then click the "Shield" icon at the top of the window
* "Resident shield is": change the state from active to inactive
* Close the program, do NOT scan yet.


NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
* Start AVG Anti-Spyware.
* Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
* AVG now starts scanning the computer; be patient, as the scan takes time.
When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
* Make sure that Set all elements to: shows Quarantine (1); if not, click the link and choose Quarantine from the popup menu.
* You will be asked what to do if infections were found; choose "Apply all actions" then


* Then click the "Reports" icon at the top of the program.
* Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
* Close the program, start the computer normally and post the AVG report in your thread.

======

so, the SDFix and AVG Anti-Spyware reports.. (you can run both at the same time in Safe Mode)

Don't send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5) | HijackThis log posting instructions (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list
rosemoo
Junior Member
13 August 2007 @ 05:53
for some reason I couldn't get a report out of AVG, or rather the save report option never came up; the link was greyed out so it couldn't be clicked... I'll of course have to try again to see if I can get one from it too


but here's the SDFix one anyway


SDFix: Version 1.98

Run by irwin on ma 13.08.2007 at 02:32

Microsoft Windows XP [versio 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Documents and Settings\irwin\Local Settings\Application Data\Microsoft\Messenger\tiina_so@hotmail.com\Sharing Folders\naksu_anttonen88@hotmail.com\Thumbs.db
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\antti6@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\benii_16@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\buuliden@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\cano666@msn.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\daanspaan@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\Desktop.ini
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\dj_pulu@luukku.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\duffe89@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\heikkinen959@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\jani_tiainen@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\jan_autio@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\jompi_91@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\loora_90@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\matti.ohra@jippii.fi.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\mikki_69_@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\neetuz@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\piituska_@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\pirpana_90@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\rittsu_@hotmail.com.lnk
C:\Documents and Settings\LKP\SendTo\WLM - tiina_so@hotmail.com\sukkamulja@hotmail.com.lnk
C:\Program Files\eRightSoft\SUPER\_Setup.dll
C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll
C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll
C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll
C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll
C:\WINDOWS\system32\avisynth.dll
C:\WINDOWS\system32\AVSredirect.dll
C:\WINDOWS\system32\cygwin1.dll
C:\WINDOWS\system32\cygz.dll
C:\WINDOWS\system32\i420vfw.dll
C:\WINDOWS\system32\Smab.dll
C:\WINDOWS\system32\yv12vfw.dll
C:\Program Files\eRightSoft\SUPER\Setup.exe
C:\WINDOWS\meta4.exe
C:\WINDOWS\MOTA113.exe
C:\WINDOWS\x2.64.exe
C:\WINDOWS\system32\x.264.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\sam.tmp.LOG
C:\WINDOWS\system32\config\security.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished

Auttaja
Suspended permanently
13 August 2007 @ 06:28
Post a new HijackThis log as well

rosemoo
Junior Member
13 August 2007 @ 07:08
Logfile of HijackThis v1.99.1
Scan saved at 11:06:16, on 13.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Documents and Settings\irwin\Omat tiedostot\okl\Kaikenlaista\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Opera\Opera.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.detoate.home.ro/MAIN.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://detoate.home.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\irwin\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


Auttaja
Suspended permanently
13 August 2007 @ 12:30
Hi! :)

=========

Open HijackThis, tick the following line(s) and press Fix checked; close other programs while you do so.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Unknown
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\irwin\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup

Here are instructions on how to tick them:

==========

Scan your computer with Ewido Online Scanner

* Download Ewido_micro.exe from here.
* Save the file to, for example, the desktop.
* Double-click Ewido_micro.exe on your desktop.
* Ewido immediately starts updating its definitions. This may take a moment.
* When the updates have been downloaded, make sure all the items on the left side of the window are ticked.
* Click the Start Scan button at the bottom left.
* The scan starts. This may take some time, depending on the number of files.
* When the scan is finished and items have been found, make sure the boxes to the left of all the items are ticked.
* Click the Save report button and save the report to, say, the desktop.
* Click the Remove Infections button.
* When you answer OK to the prompt that opens, all infected files are removed.
* After removal you can close Ewido Online Scanner by pressing the red cross in the top corner.
* Now restart the computer and post the report you saved in your thread
==========


An excellent guide to speeding up your computer

http://neko.1g.fi/ohje/hidastelua.html

==========

If you do not have this Java version (6.2): old Java easily gets your computer infected!

Updating Java and clearing its cache:

1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
They should have the following picture next to them:

3. Select all your previous Java versions and choose Remove.
4. Install the latest Java update from the following link..
5. Restart the computer after installation:

http://java.sun.com/javase/downloads/index.jsp
or http://www.filehippo.com/download_java_runtime/

Scroll down to Java Runtime Environment (JRE) 6u2

Press Download

Tick Accept, choose offline installation, save it to, say, the desktop and install it.

6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).

7. Under the General Settings section, drag the slider (Disk Space) lower, and click the Delete Files button.

(Some Java-based programs may need more disk space.
If you notice slowness on the computer after lowering the setting, move the slider higher.)

8. Make sure that both options are ticked:

*Applications and Applets

*Trace and Log Files



And press the OK button

9. Click OK in your "Temporary Files Settings" window.

10. Click OK to leave your Java settings window.

==========

Download Deckard's System Scanner
to your desktop.

Note: You must have Administrator rights to run the program.

* Close all open windows and programs.
* Double-click the Dss.exe file to run the program and follow the instructions.
* When the scan is finished, 2 text files should open, Main.txt and Extra.txt
* Select all and copy ( CTRL+A -> CTRL+C ) and paste ( CTRL+V )
* Copy and paste the contents of Extra.txt & Main.txt into your next reply.

and the Ewido online scanner report


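The two kinds of line the reply above asks to be fixed, an entry whose file no longer exists and a RunOnce autorun that launches from a Temp folder, can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original thread or of HijackThis itself: the function names and reason labels are hypothetical, the sample lines are copied from the log posted earlier in the thread, and the check generalizes slightly by also catching "(file missing)" entries.

```python
import re
from dataclasses import dataclass

# HijackThis entry: section code (R1, O4, O23, ...), " - ", then free text.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun body: HKLM\..\Run: [ValueName] command line
AUTORUN_RE = re.compile(
    r"^(?:HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# HijackThis appends these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)

# Sample input: lines copied from the log in this thread, not a full log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\irwin\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)"""


@dataclass
class Entry:
    lineno: int
    code: str
    body: str


@dataclass
class Finding:
    lineno: int
    code: str
    reason: str
    body: str


def parse_log(text):
    """Return the section entries of a log, skipping header and process lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(lineno, m["code"], m["body"]))
    return entries


def executable_of(cmd):
    """Best-effort extraction of the program path from an autorun command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(entries):
    """Flag entries for human review; a flag is a heuristic, not a verdict."""
    findings = []
    for e in entries:
        if ORPHAN_RE.search(e.body):
            # Registry data survives but the file it points to is gone.
            findings.append(Finding(e.lineno, e.code, "orphaned-reference", e.body))
            continue
        if e.code == "O4":
            m = AUTORUN_RE.match(e.body)
            if m and TEMP_DIR_RE.search(executable_of(m["cmd"])):
                # Autostart entry whose program lives in a temporary folder.
                findings.append(Finding(e.lineno, e.code, "autorun-from-temp", e.body))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"line {f.lineno}: {f.code} {f.reason}: {f.body}")
```

The flagged lines are candidates for review before anything is ticked in HijackThis; the helper's own list above remains the decision for this machine.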
rosemoo
Junior Member
_
13. elokuuta 2007 @ 20:25 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
well, J2SE Runtime Environment 5.0 update 4 can't be removed.. I just get an error message: "internal error 2753. RegUtils" and after that "vakava virhe".

but anyway:



here's ewido:

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Statistik-gallup
Path: C:\Documents and Settings\irwin\Cookies\irwin@statistik-gallup[1].txt
Risk: Medium

Name: Adware.PowerScan
Path: C:\Documents and Settings\Tiina\Käynnistä-valikko\Ohjelmat\Power Scan
Risk: Medium






and here's the dss, but it only produced main.txt

Deckard's System Scanner v20070809.63
Run by irwin on 2007-08-14 at 00:13:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as irwin.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 0:13:46, on 14.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Documents and Settings\irwin\Omat tiedostot\okl\Kaikenlaista\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\irwin\Työpöytä\dss.exe
C:\HJT\irwin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.detoate.home.ro/MAIN.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://detoate.home.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


-- Files created between 2007-07-14 and 2007-08-14 -----------------------------

2007-08-13 03:03:00 0 d-------- C:\Documents and Settings\irwin\Application Data\Grisoft
2007-08-13 03:01:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-13 02:31:03 0 d-------- C:\WINDOWS\ERUNT
2007-08-09 12:52:35 0 d-------- C:\WINDOWS\system32\fi-fi
2007-08-09 12:47:36 0 d-------- C:\WINDOWS\network diagnostic
2007-08-06 02:23:14 0 d-------- C:\Documents and Settings\irwin\.sears
2007-08-03 03:14:26 0 d-------- C:\Downloads
2007-07-30 00:46:12 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-07-29 15:12:17 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania United
2007-07-29 14:49:14 0 d-------- C:\Program Files\TrackMania United
2007-07-25 00:57:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-07-24 12:55:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-07-24 12:38:12 0 d-------- C:\Program Files\Sierra
2007-07-15 16:18:34 0 d-------- C:\Program Files\Symbian OS Tools


-- Find3M Report ---------------------------------------------------------------

2007-08-13 23:54:42 0 d-------- C:\Program Files\Java
2007-08-13 14:52:45 0 d-------- C:\Program Files\DC++
2007-08-13 13:29:23 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2007-08-13 03:00:50 0 d-------- C:\Program Files\MSN Messenger
2007-08-13 03:00:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-12 23:24:19 0 d-------- C:\Program Files\TGTSoft
2007-08-10 02:39:58 0 d-------- C:\Program Files\Common Files
2007-08-08 15:58:38 0 d-------- C:\Program Files\BitComet
2007-08-03 03:14:27 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-07-31 20:32:21 348776 --a------ C:\WINDOWS\system32\perfh040.dat
2007-07-31 20:32:21 378986 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-07-31 20:32:21 61752 --a------ C:\WINDOWS\system32\perfc040.dat
2007-07-31 20:32:21 77588 --a------ C:\WINDOWS\system32\perfc00B.dat
2007-07-29 18:47:36 0 d-------- C:\Program Files\Winamp
2007-07-23 18:55:21 0 d-------- C:\Documents and Settings\irwin\Application Data\uTorrent
2007-07-23 00:39:56 0 d-------- C:\Program Files\Opera
2007-07-17 03:06:50 6850048 --a------ C:\WINDOWS\system32\logonuiX.exe
2007-07-12 14:31:25 0 d-------- C:\Program Files\NetLimiter 2 Pro
2007-07-11 12:22:54 60968 --a------ C:\WINDOWS\system32\wpfb_ati2dvag.dll
2007-07-11 12:20:35 0 d-------- C:\Documents and Settings\irwin\Application Data\ATI
2007-07-11 12:13:11 0 d-------- C:\Program Files\Common Files\ATI Technologies
2007-07-11 12:13:11 0 d-------- C:\Program Files\ATI Technologies
2007-07-10 02:28:10 0 d-------- C:\Documents and Settings\irwin\Application Data\Help
2007-07-08 17:07:55 60968 --a------ C:\WINDOWS\system32\wpfb_nv4_disp.dll
2007-07-01 23:47:39 0 d-------- C:\Program Files\B2BPOKER
2007-06-28 23:14:48 0 d-------- C:\Program Files\Common Files\Nokia
2007-06-28 23:14:47 0 d-------- C:\Program Files\Nokia
2007-06-28 22:49:00 0 d-------- C:\Documents and Settings\irwin\Application Data\PC Suite
2007-06-28 21:16:08 0 d-------- C:\Documents and Settings\irwin\Application Data\Nokia
2007-06-28 21:09:09 0 d-------- C:\Program Files\DIFX
2007-06-28 21:07:37 0 d-------- C:\Program Files\PC Connectivity Solution
2007-06-28 18:52:18 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-28 00:21:50 1200 --a------ C:\WINDOWS\ImpTableL.bin
2007-05-22 11:02:22 163840 --a------ C:\WINDOWS\system32\unrar.dll
2007-05-19 23:08:25 86016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03.06.2005 02:09]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [20.11.2006 12:24]
"McAfee Guardian"="C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [14.12.2004 18:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [14.12.2004 18:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [14.12.2004 18:51]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [03.09.2002 19:38]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09.11.2005 01:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 12:50]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [07.09.2005 15:33]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [26.04.2004 16:21]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [06.03.2006 15:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [06.03.2006 15:14]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [19.09.2005 09:30]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [25.11.2005 11:53]
"PivotSoftware"="C:\Program Files\WinPortrait\wpctrl.exe" [26.01.2005 13:57]
"DT Task"="C:\Program Files\Portrait Displays\forteManager\DTHtml.exe" [14.10.2005 19:41]
"YeppStudioAgent"="C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23.03.2007 13:20]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [25.09.2006 09:12]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 12:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee.InstantUpdate.Monitor"="C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" []
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [18.08.2005 16:15]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [19.01.2005 17:34]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [08.09.2005 12:06]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" []
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [27.03.2007 15:58]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [19.07.2007 10:28]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [15.09.2004 15:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\irwin\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7.10.2005 22:54:49]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.9.2005 23:05:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [1.11.2005 18:41:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-08-14 at 00:14:04 ---------
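
One way to triage the HijackThis section of a log like the one above, as an added example that is not part of the original post or of HijackThis itself: it flags IE URL entries (R0/R1) that point outside an expected domain, entries reported as "(file missing)", and O23 services with an unknown owner. The function names and the `microsoft.com` allowlist are assumptions of this example; a flagged entry is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Lines copied from the HijackThis section of the log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.detoate.home.ro/MAIN.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://detoate.home.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Assumption of this example: IE defaults hosted on these domains are expected.
EXPECTED_URL_DOMAINS = ("microsoft.com",)

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, Onn).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


@dataclass
class Finding:
    code: str                      # section code, e.g. "R1" or "O23"
    entry: str                     # the entry text after the code
    reasons: list = field(default_factory=list)


def _host_is_expected(host):
    """True if host is one of the expected domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED_URL_DOMAINS)


def review(log_text):
    """Return the entries of a HijackThis log that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.groups()
        reasons = []

        # R0/R1: "registry key = value"; only URL values are checked.
        if code in ("R0", "R1"):
            _key, sep, value = body.partition(" = ")
            url = urlparse(value.strip()) if sep else None
            if (url and url.scheme in ("http", "https") and url.hostname
                    and not _host_is_expected(url.hostname)):
                reasons.append(f"IE URL points to {url.hostname}")

        # Any section: HijackThis marks entries whose target no longer exists.
        if body.endswith("(file missing)"):
            reasons.append("target file missing")

        # O23: "Service: name - owner - path"; no vendor string in the binary.
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service with unknown owner")

        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f.code:4} {'; '.join(f.reasons)}\n     {f.entry}")
```

"Unknown owner" also appears on legitimate services in this log (the F-Secure BackWeb service, for instance), so that flag only narrows down what to verify by hand.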





Hujo
Suspended permanently
14 August 2007 @ 15:04
Download Dr.Web CureIt to your desktop:

Double-click drweb-cureit.exe and let it run the express scan
It scans the running programs, and if something is found, click yes when it asks whether you want to remove it. This is only a short scan.
When the scan is finished, mark the drives you want to scan.
Select all drives. A red dot shows which drives are selected.
Click the green arrow on the right and the scan starts.
Click 'Yes to all' if you are asked whether you want to delete/move a file.
When the scan is finished, see whether you can click the next icon beside the files that were found:

If so, click it, then click the next icon at the bottom right and choose Move incurable as in the picture below:


This moves it to the %userprofile%\DoctorWeb\quarantine directory.
After this, click file in the Dr.Web CureIt menu and choose save report list
Save the report to the desktop. The report's name is DrWeb.csv
Close Dr.Web CureIt.
Restart the computer!! This is because files that are in use are deleted/moved during startup.
After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.


Can a computer ever work?
rosemoo
Junior Member
14 August 2007 @ 19:16
131962_396_1940_5500_63.41.0mp1;C:\Documents and Settings\LKP\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
2491000_396_1940_4192_63.41.0mp1;C:\Documents and Settings\LKP\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
2752766_396_1940_5996_63.41.0mp1;C:\Documents and Settings\LKP\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
524532_396_1940_424_63.41.0mp1;C:\Documents and Settings\LKP\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
655686_396_1940_352_63.41.0mp1;C:\Documents and Settings\LKP\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
33n.0xe;C:\Documents and Settings\Tiina;Win32.HLLW.Kelvin;Deleted.;
dddx.0xe;C:\Documents and Settings\Tiina;Win32.HLLW.Kelvin;Deleted.;
zxxds.0xe;C:\Documents and Settings\Tiina;Win32.HLLW.Kelvin;Deleted.;
zxxds9.0xe;C:\Documents and Settings\Tiina;Win32.HLLW.Kelvin;Deleted.;
zzzs.0xe;C:\Documents and Settings\Tiina;Win32.HLLW.Bropia;Deleted.;
ajeynxuy.0xe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Deleted.;
cqhzbafs.0xe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Deleted.;
iskodvjg.0xe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Deleted.;
ljevikbi.0xe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Deleted.;
lurxfvxj.exe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Incurable.Moved.;
oeiclsgq.exe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Incurable.Moved.;
qlpzhwkw.0xe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Deleted.;
Slow option for help.0xe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Deleted.;
Slow option for help.1xe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Deleted.;
tgtdgbei.0xe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Deleted.;
TONS BOLT WINDOW.0XE;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.LopAd;Deleted.;
Tons Bolt Window.1xe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.LopAd;Deleted.;
vfjpmqow.0xe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Deleted.;
wzgcoinp.0xe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Deleted.;
xxtpkhkf.0xe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Deleted.;
ymqqxcdk.exe;C:\Documents and Settings\Tiina\Application Data\DriveSaveSupport;Trojan.Swizzor;Incurable.Moved.;
Peak more.0xe;C:\Documents and Settings\Tiina\Application Data\idle enc hold;Trojan.Swizzor;Deleted.;
Peak more.1xe;C:\Documents and Settings\Tiina\Application Data\idle enc hold;Trojan.Swizzor;Deleted.;
131238_8560_8156_9948_62.41.tmp1;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
16122844_8672_1704_9268_62.41.tmp1;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
1966590_1820_2016_2796_62.41.tmp1;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
262322_3396_4064_2720_62.41.tmp1;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
263442_2184_1820_2592_62.41.tmp1;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
328838_1704_204_928_62.41.tmp1;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
393802_1304_1948_3500_62.41.tmp1;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
65884_336_528_3928_62.41.tmp1;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
65896_348_580_3128_62.41.tmp1;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
66144_1792_1988_3896_62.41.tmp1;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
853512_1872_144_5052_62.41.tmp1;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.EliteBar;Incurable.Moved.;
b95ce25d.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
b95f0d2a.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
b95fad42.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
b95faf1f.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
bc1673aa.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
ecqrehbd.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
heutskwy.exe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.LopAd;Deleted.;
hzoaqenr.exe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.LopAd;Deleted.;
idfftewy.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
ISTBARCM.0LL;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Isbar.291;Deleted.;
ISTSVC.0XE;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Isbar.260;Deleted.;
iuhafdtg.exe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
jfghjfgudk.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
jzrohvdu.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
mrcetfyp.exe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
nefthrre.exe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.LopAd;Deleted.;
OL10A8F5.dll;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.SAHAgent;Incurable.Moved.;
osnjogyh.exe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.LopAd;Deleted.;
res130.tmp;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.nCase;Incurable.Moved.;
SIDEFIND.0XE;C:\Documents and Settings\Tiina\Local Settings\Temp;Adware.SideFind;Incurable.Moved.;
tbrhkmjb.exe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
uiysqmkj.exe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.LopAd;Deleted.;
xtepkgkn.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp;Trojan.Swizzor;Deleted.;
10a.exe;C:\Documents and Settings\Tiina\Local Settings\Temp\RarSFX1;Adware.Winad;Incurable.Moved.;
vonner.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp\RarSFX1;Trojan.MulDrop.2548;Deleted.;
10a.exe;C:\Documents and Settings\Tiina\Local Settings\Temp\RarSFX2;Adware.Winad;Incurable.Moved.;
vonner.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp\RarSFX2;Trojan.MulDrop.2548;Deleted.;
10a.exe;C:\Documents and Settings\Tiina\Local Settings\Temp\RarSFX3;Adware.WinUpd;Incurable.Moved.;
vonner.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp\RarSFX3;Trojan.MulDrop.2548;Deleted.;
10a.exe;C:\Documents and Settings\Tiina\Local Settings\Temp\RarSFX4;Adware.WinUpd;Incurable.Moved.;
vonner.0xe;C:\Documents and Settings\Tiina\Local Settings\Temp\RarSFX4;Trojan.MulDrop.2548;Deleted.;
atrc8parb_.exe;C:\Documents and Settings\Tiina\Local Settings\Temp\SahUpdate;Adware.SAHAgent;Incurable.Moved.;
EulaUpgrade.exe;C:\Documents and Settings\Tiina\Local Settings\Temp\SahUpdate;Adware.SAHAgent;Incurable.Moved.;
hqrhil7kg_.exe;C:\Documents and Settings\Tiina\Local Settings\Temp\SahUpdate;Adware.SAHAgent;Incurable.Moved.;
liqp7c25q_.dll;C:\Documents and Settings\Tiina\Local Settings\Temp\SahUpdate;Adware.SAHAgent;Incurable.Moved.;
umqltg4cl_.exe;C:\Documents and Settings\Tiina\Local Settings\Temp\SahUpdate;Adware.SAHAgent;Incurable.Moved.;
update.exe;C:\Documents and Settings\Tiina\Local Settings\Temp\SahUpdate;Adware.SAHAgent;Incurable.Moved.;
FINLAND[1].0XE;C:\Documents and Settings\Tiina\Local Settings\Temporary Internet Files\Content.IE5\O1E3IHUN;Dialer.Premium;Incurable.Moved.;
silent_setup[1].0xe;C:\Documents and Settings\Tiina\Local Settings\Temporary Internet Files\Content.IE5\O1E3IHUN;Adware.EliteBar;Incurable.Moved.;
FINLAND[1].0XE;C:\Documents and Settings\Tiina\Local Settings\Temporary Internet Files\Content.IE5\WVWZE3E9;Dialer.Premium;Incurable.Moved.;
BarMan.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Probably DLOADER.Trojan;Incurable.Moved.;
drnzukvs.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
dzakaqee.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
emslvcit.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
injmwnii.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
iwoivkbs.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
jmyzezow.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
jrnzvzxt.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
ltmczsnk.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
nyidupxv.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
pasfbjcd.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
puveteuf.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
pzlzcgnv.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
qmagsuiz.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
ycwbbwgc.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
zqojgigj.exe;C:\Documents and Settings\Timo\Local Settings\Temp;Trojan.Swizzor;Deleted.;
eajlclqz.exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\Timo\Application Data\DriveSaveSupport;Trojan.Swizzor;Incurable.Moved.;
gwbtqmqh.exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\Timo\Application Data\DriveSaveSupport;Trojan.Swizzor;Incurable.Moved.;
oradufcg.exe.vir;C:\QooBox\Quarantine\C\Documents and Settings\Timo\Application Data\DriveSaveSupport;Trojan.Swizzor;Incurable.Moved.;
01platform.exe.01.infected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Incurable.Moved.;
1632.0xe.02.0nfected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Deleted.;
Activehole.exe.03.infected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Deleted.;
Antemore.exe.04.infected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Incurable.Moved.;
Bold Help.exe.05.infected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Incurable.Moved.;
Bore 01.exe.06.infected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Incurable.Moved.;
Copymail.0xe.08.0nfected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Deleted.;
Default First.0xe.010.0nfected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Deleted.;
Eqdale.0xe.011.0nfected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Deleted.;
Hole Math.0xe.013.0nfected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Deleted.;
Idle64.0xe.014.0nfected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Incurable.Moved.;
Iso Web.0xe.015.0nfected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Deleted.;
Loud Debug.exe.016.infected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Incurable.Moved.;
Mapibib.exe.017.infected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Incurable.Moved.;
Memo Bits.0xe.018.0nfected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Deleted.;
Mess Stupid.0xe.019.0nfected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Deleted.;
Sizedumb.exe.022.infected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Incurable.Moved.;
Soft Trust.exe.023.infected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Incurable.Moved.;
Viewhelp.0xe.024.0nfected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Deleted.;
Winonline.exe.025.infected.vir;C:\QooBox\Quarantine\C\NoLopBackups;Trojan.Swizzor;Incurable.Moved.;
f3PSSavr.scr.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Adware.Msearch;Incurable.Moved.;
Dc103.exe\data004;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\Dc103.exe;Adware.SaveNow;;
Dc103.exe\data005;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\Dc103.exe;Adware.SaveNow;;
Dc103.exe;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007;Archive contains infected objects;Moved.;
Dc109.exe\data001;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\Dc109.exe;Adware.SaveNow;;
Dc109.exe;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007;Archive contains infected objects;Moved.;
Dc110.exe\data001;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\Dc110.exe;Adware.SaveNow;;
Dc110.exe;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007;Archive contains infected objects;Moved.;
Dc130.0om;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007;BackDoor.IRC.Sdbot.115;Deleted.;
Dc98.exe;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007;Trojan.MulDrop.1326;Deleted.;
FreeMyEmoticonsV7Comm.exe\data001;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\Dc111\FreeMyEmoticonsV7Comm.exe;Adware.SaveNow;;
FreeMyEmoticonsV7Comm.exe;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\Dc111;Archive contains infected objects;Moved.;
ilmeet.exe\data001;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\Dc111\ilmeet.exe;Adware.SaveNow;;
ilmeet.exe;C:\RECYCLER\S-1-5-21-3087776527-443516791-1341135687-1007\Dc111;Archive contains infected objects;Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0409212.scr;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP574;Adware.Msearch;Incurable.Moved.;
A0409350.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP575;Trojan.Swizzor;Incurable.Moved.;
A0409351.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP575;Trojan.Swizzor;Incurable.Moved.;
A0409352.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP575;Trojan.Swizzor;Incurable.Moved.;
A0410995.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP581;Tool.Prockill;Incurable.Moved.;
A0412298.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Incurable.Moved.;
A0412299.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Incurable.Moved.;
A0412300.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Incurable.Moved.;
A0412301.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412302.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412303.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412304.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412305.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412306.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412307.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412308.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412309.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412310.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412311.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412312.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412313.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412314.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412315.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.Swizzor;Deleted.;
A0412319.exe\data004;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584\A0412319.exe;Adware.SaveNow;;
A0412319.exe\data005;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584\A0412319.exe;Adware.SaveNow;;
A0412319.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Archive contains infected objects;Moved.;
A0412320.exe\data001;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584\A0412320.exe;Adware.SaveNow;;
A0412320.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Archive contains infected objects;Moved.;
A0412321.exe\data001;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584\A0412321.exe;Adware.SaveNow;;
A0412321.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Archive contains infected objects;Moved.;
A0412322.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Trojan.MulDrop.1326;Deleted.;
A0412323.exe\data001;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584\A0412323.exe;Adware.SaveNow;;
A0412323.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Archive contains infected objects;Moved.;
A0412324.exe\data001;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584\A0412324.exe;Adware.SaveNow;;
A0412324.exe;C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584;Archive contains infected objects;Moved.;
CloseApp.exe;C:\WINDOWS\system32;Tool.CloseApp;Incurable.Moved.;

Hujo
Suspended permanently
14 August 2007 @ 19:32
Run a couple of cleaners:

Download from http://www.ccleaner.com/download/builds.aspx
CCleaner v1.41.544 - Basic, DO NOT install the Yahoo toolbar!

Set the options like this:
Options --> Advanced --> Untick the box "Only delete temporary files older than 48 hours".

Run Cleaner > Analyze button > Run CCleaner button (bottom right corner)
Run Issues > "Scan for registry issues" button > "Fix registry issues" button

=================

Download Atribune's ATF Cleaner

Instructions:

Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
Click Empty Selected.
If you use Firefox as your browser, click Firefox at the top and choose: Select All
Click Empty Selected.
NOTE: If you want to keep your saved passwords, click No when it asks.
If you use Opera as your browser, click Opera at the top and choose: Select All
Click Empty Selected again.
NOTE: If you want to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.
Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)

=========================

Escan
Instructions are on this page:
http://koti.mbnet.fi/pattaya1/escanmwav.htm
Download from here:
http://www.spywareinfo.dk/download/mwav.exe
Update from here:
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
Tick the boxes as marked here:
http://koti.mbnet.fi/pattaya1/eScan6.jpg

Scan.

If anything appears in the lower pane, copy it like this:
Use the Ctrl+A command.
Copy the lines with Ctrl+C.
Paste the lines with Ctrl+V.

Post the virus log here.


Can a computer ever work?

This message has been edited after posting. Last edited 14 August 2007 @ 19:33

rosemoo
Junior Member
14 August 2007 @ 23:23
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\01platform.exe.01.infected.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\10a.exe tagged as not-a-virus:AdWare.Win32.WinAD.aw. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\10a____0.exe tagged as not-a-virus:AdWare.Win32.WinAD.aw. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\10a____1.exe tagged as not-a-virus:AdWare.Win32.WinAD.bf. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\10a____2.exe tagged as not-a-virus:AdWare.Win32.WinAD.bf. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\131238_8560_8156_9948_62.41.tmp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\131962_396_1940_5500_63.41.0mp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\16122844_8672_1704_9268_62.41.tmp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\1966590_1820_2016_2796_62.41.tmp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\2491000_396_1940_4192_63.41.0mp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\262322_3396_4064_2720_62.41.tmp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\263442_2184_1820_2592_62.41.tmp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\2752766_396_1940_5996_63.41.0mp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\328838_1704_204_928_62.41.tmp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\393802_1304_1948_3500_62.41.tmp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\524532_396_1940_424_63.41.0mp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\655686_396_1940_352_63.41.0mp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\65884_336_528_3928_62.41.tmp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\65896_348_580_3128_62.41.tmp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\66144_1792_1988_3896_62.41.tmp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\853512_1872_144_5052_62.41.tmp1 infected by "Trojan.Win32.EliteBar.a" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\A0409212.scr tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\A0409350.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\A0409351.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\A0409352.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\A0412298.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\A0412299.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\A0412300.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\Antemore.exe.04.infected.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\atrc8parb_.exe tagged as not-a-virus:AdWare.Win32.Sahat.ag. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\Bold Help.exe.05.infected.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\Bore 01.exe.06.infected.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\CloseApp.exe tagged as not-a-virus:RiskTool.Win32.CloseApp.a. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\eajlclqz.exe.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\EulaUpgrade.exe tagged as not-a-virus:AdWare.Win32.Sahat.az. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\f3PSSavr.scr.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\FINLAND[10.0XE infected by "Trojan.Win32.Dialer.jr" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\FINLAND[1].0XE infected by "Trojan.Win32.Dialer.jr" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\gwbtqmqh.exe.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\hqrhil7kg_.exe tagged as not-a-virus:AdWare.Win32.Sahat.f. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\Idle64.0xe.014.0nfected.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\liqp7c25q_.dll tagged as not-a-virus:AdWare.Win32.Sahat.ad. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\Loud Debug.exe.016.infected.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\lurxfvxj.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\Mapibib.exe.017.infected.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\oeiclsgq.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\OL10A8F5.dll tagged as not-a-virus:AdWare.Win32.Sahat.w. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\oradufcg.exe.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\res130.tmp tagged as not-a-virus:AdWare.Win32.180Solutions.g. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\SIDEFIND.0XE infected by "Trojan-Downloader.Win32.IstBar.jm" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\silent_setup[1].0xe infected by "Trojan-Dropper.Win32.Agent.tv" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\Sizedumb.exe.022.infected.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\Soft Trust.exe.023.infected.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\umqltg4cl_.exe tagged as not-a-virus:AdWare.Win32.Sahat.ah. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\update.exe tagged as not-a-virus:AdWare.Win32.Sahat.an. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\Winonline.exe.025.infected.vir tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\Documents and Settings\irwin\DoctorWeb\Quarantine\ymqqxcdk.exe tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
File C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP545\A0398698.exe tagged as not-a-virus:Monitor.Win32.007SpySoft.308. No Action Taken.
File C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584\A0412327.exe tagged as not-a-virus:RiskTool.Win32.CloseApp.a. No Action Taken.
File C:\System Volume Information\_restore{70E4A45F-7395-4988-9E22-84BFF6F007DA}\RP584\A0412855.exe tagged as not-a-virus:AdWare.Win32.Lop.m. No Action Taken.
File C:\WINDOWS\Resources\Themes\QVMP\LSPatch.exe tagged as not-a-virus:RiskTool.Win32.CloseApp.a. No Action Taken.

Hujo
Suspended permanently
15 August 2007 @ 14:41
Download NoLop to your desktop from one of the following links...
Link1
Link2
Link3

1. Close all programs, because this step requires a reboot.
2. Double-click NoLop.exe to run it.
3. Click the "Search and Destroy" button.
<<Your computer will be scanned for infected files>>
4. When the scan is complete, you will be asked to restart the computer if an infection is found. Click OK.
5. Click the "REBOOT" button.
6. NoLop should display a message. If not, double-click the program and it will finish. Post the contents of the C:\NoLop.log file together with a new HijackThis log.
-- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). After that, run the program again.


Can a computer ever work?

rosemoo
Junior Member
15 August 2007 @ 15:04
NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\irwin\Työpöytä
[15.8.2007]
[18:51:35]

---Infection Files Found/Removed---
C:\Documents and Settings\irwin\DoctorWeb\Quarantine\A0412298.exe
C:\Documents and Settings\irwin\DoctorWeb\Quarantine\A0412299.exe
C:\Documents and Settings\irwin\DoctorWeb\Quarantine\lurxfvxj.exe
C:\Documents and Settings\irwin\DoctorWeb\Quarantine\oeiclsgq.exe

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Downloaded Installations
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
C:\Documents and Settings\All Users\Application Data\Estsoft
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Grisoft(2)
C:\Documents and Settings\All Users\Application Data\Installations
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Locktime
C:\Documents and Settings\All Users\Application Data\Logitech
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Corporation -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Nokia
C:\Documents and Settings\All Users\Application Data\Npf
C:\Documents and Settings\All Users\Application Data\Nvidia
C:\Documents and Settings\All Users\Application Data\Pc Suite
C:\Documents and Settings\All Users\Application Data\Scandinaviangames
C:\Documents and Settings\All Users\Application Data\Soliddocuments
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Ssdata
C:\Documents and Settings\All Users\Application Data\Trackmania United
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Irwin\Application Data\.bittorrent
C:\Documents and Settings\Irwin\Application Data\Adobe
C:\Documents and Settings\Irwin\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Irwin\Application Data\Ahead
C:\Documents and Settings\Irwin\Application Data\Ati
C:\Documents and Settings\Irwin\Application Data\Azureus
C:\Documents and Settings\Irwin\Application Data\Bsplayer Pro
C:\Documents and Settings\Irwin\Application Data\Datalayer
C:\Documents and Settings\Irwin\Application Data\Displaytune
C:\Documents and Settings\Irwin\Application Data\Drivesavesupport -- EMPTY Directory
C:\Documents and Settings\Irwin\Application Data\Elaborate Bytes
C:\Documents and Settings\Irwin\Application Data\Estsoft
C:\Documents and Settings\Irwin\Application Data\Google
C:\Documents and Settings\Irwin\Application Data\Grisoft
C:\Documents and Settings\Irwin\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Irwin\Application Data\Identities
C:\Documents and Settings\Irwin\Application Data\Intervideo
C:\Documents and Settings\Irwin\Application Data\Jasc
C:\Documents and Settings\Irwin\Application Data\Jasc Software Inc
C:\Documents and Settings\Irwin\Application Data\Lavasoft
C:\Documents and Settings\Irwin\Application Data\Leadertech
C:\Documents and Settings\Irwin\Application Data\Locktime
C:\Documents and Settings\Irwin\Application Data\Macromedia
C:\Documents and Settings\Irwin\Application Data\Media Player Classic
C:\Documents and Settings\Irwin\Application Data\Microsoft
C:\Documents and Settings\Irwin\Application Data\Mozilla
C:\Documents and Settings\Irwin\Application Data\Musicip
C:\Documents and Settings\Irwin\Application Data\Nokia
C:\Documents and Settings\Irwin\Application Data\Nokia Multimedia Player
C:\Documents and Settings\Irwin\Application Data\Opera
C:\Documents and Settings\Irwin\Application Data\Pc Suite
C:\Documents and Settings\Irwin\Application Data\Real
C:\Documents and Settings\Irwin\Application Data\Screenshot Sender
C:\Documents and Settings\Irwin\Application Data\Seven Zip
C:\Documents and Settings\Irwin\Application Data\Soliddocuments
C:\Documents and Settings\Irwin\Application Data\Sun
C:\Documents and Settings\Irwin\Application Data\Thq -- EMPTY Directory
C:\Documents and Settings\Irwin\Application Data\Utorrent
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
C:\Documents and Settings\Järjestelmänvalvoja.your-05e275d928\Application Data\Identities
C:\Documents and Settings\Järjestelmänvalvoja.your-05e275d928\Application Data\Microsoft
C:\Documents and Settings\Lkp\Application Data\Adobe
C:\Documents and Settings\Lkp\Application Data\Adobeum
C:\Documents and Settings\Lkp\Application Data\Ahead
C:\Documents and Settings\Lkp\Application Data\Displaytune
C:\Documents and Settings\Lkp\Application Data\Identities
C:\Documents and Settings\Lkp\Application Data\Jasc Software Inc
C:\Documents and Settings\Lkp\Application Data\Locktime
C:\Documents and Settings\Lkp\Application Data\Macromedia
C:\Documents and Settings\Lkp\Application Data\Media Player Classic
C:\Documents and Settings\Lkp\Application Data\Microsoft
C:\Documents and Settings\Lkp\Application Data\Opera
C:\Documents and Settings\Lkp\Application Data\Pc Suite
C:\Documents and Settings\Lkp\Application Data\Real
C:\Documents and Settings\Lkp\Application Data\Screenshot Sender
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Opera
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Timo\Application Data\Adobe
C:\Documents and Settings\Timo\Application Data\Adobeum
C:\Documents and Settings\Timo\Application Data\Ahead
C:\Documents and Settings\Timo\Application Data\Apple Computer
C:\Documents and Settings\Timo\Application Data\Avg7
C:\Documents and Settings\Timo\Application Data\Gearbox Software -- EMPTY Directory
C:\Documents and Settings\Timo\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Timo\Application Data\Identities
C:\Documents and Settings\Timo\Application Data\Idle Enc Hold -- EMPTY Directory
C:\Documents and Settings\Timo\Application Data\Intertrust
C:\Documents and Settings\Timo\Application Data\Intervideo
C:\Documents and Settings\Timo\Application Data\Jasc
C:\Documents and Settings\Timo\Application Data\Jasc Software Inc
C:\Documents and Settings\Timo\Application Data\Lavasoft -- EMPTY Directory
C:\Documents and Settings\Timo\Application Data\Locktime
C:\Documents and Settings\Timo\Application Data\Macromedia
C:\Documents and Settings\Timo\Application Data\Media Player Classic
C:\Documents and Settings\Timo\Application Data\Microsoft
C:\Documents and Settings\Timo\Application Data\Neo-modus.com
C:\Documents and Settings\Timo\Application Data\Nokia
C:\Documents and Settings\Timo\Application Data\Opera
C:\Documents and Settings\Timo\Application Data\Real
C:\Documents and Settings\Timo\Application Data\Registry Cleaner
C:\Documents and Settings\Timo\Application Data\Template








Logfile of HijackThis v1.99.1
Scan saved at 19:03:30, on 15.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\irwin\Omat tiedostot\okl\Kaikenlaista\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Opera\Opera.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.detoate.home.ro/MAIN.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://detoate.home.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe







Hujo
Suspended permanently
15 August 2007 @ 15:16
Looks like it's OK.

Can a computer ever work?