|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
Security Toolbar 7.1
|
|
Member
|
14. heinäkuuta 2007 @ 07:35 |
Linkki tähän viestiin
|
|
Eli asensin tietokoneelleni epä huomiossa tuollaisen ohjelman kuin security toolbar. Se hälyttää usein "system alert" mutta minun tietääkseni koko ohjelma on itse virus ja se haalii lisää viruksia netista (korjatkaa jos olen väärässä) joten haluaisin poistaa tämän ohjelman muttä en löydä sitä lisää tai poista sovellukset kohdasta enkä mistään muualtakaan. Jos joku voisi nyt autttaa miestä mäessä niin olisin todella kiitollinen :D
|
|
Auttaja
Suspended permanently
|
14. heinäkuuta 2007 @ 11:55 |
Linkki tähän viestiin
|
-> Lataa Hijackthis: http://koti.mbnet.fi/pattaya1/HijackThis.exe
-> Tallenna hakemistoon C:\hjt
->Uudelleennimeä HijackThis.exe -> scanner.exe:ksi näin:
1. Klikkaa hiiren oikealla painikkeella HijackThis ikonia.
2. Valitse Uudelleennineä/ Rename.
3. Kirjoita scanner.exe
-> Käynnistä HijackThis ja klikkaa: do a system scan and save a logfile.
-> Lähetä ilmestynyt logisi tähän ketjuun
|
Member
|
14. heinäkuuta 2007 @ 12:18 |
Linkki tähän viestiin
|
Tässä HiJack logini:
Logfile of HijackThis v1.99.1
Scan saved at 16:16:33, on 14.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsrw.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\PROGRA~1\DNANET~1\ANTI-S~1\fsaw.exe
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\acer\Työpöytä\scanner.exe.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.22\ShoppingReport.dll
O2 - BHO: (no name) - {2A9B60DE-0B42-47E0-90F8-3703B32AB7AF} - C:\WINDOWS\system32\jkkjj.dll
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - C:\WINDOWS\system32\byxxxvt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\fmyfikou.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\dna Nettiturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\viedsnih.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dna Nettiturva.lnk = C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.22\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.22\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: bw+0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byxxxvt - C:\WINDOWS\SYSTEM32\byxxxvt.dll
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\system32\jkkjj.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dna Nettiturva (BackWeb Plug-in - 4653381) - dna Nettiturva - C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
|
|
Auttaja
Suspended permanently
|
14. heinäkuuta 2007 @ 12:28 |
Linkki tähän viestiin
|
Lataa SmitfraudFix (by S!Ri) työpöydällesi.
Tuplaklikkaa tiedostoa SmitfraudFix.exe
Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
Postita tämän tekstitiedoston sisältö viestiketjuusi.
**Jos työkalu ei käynnisty työpöydältä niin siirrä SmitfraudFix.exe suoraan järjestelmäaseman juureen (yleensä C:). Kokeile sitten käynnistää ohjelma uudestaan sieltä.
Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
==========
Printtaa ohjeet ulos tai tallenna nämä tekstitiedostoon.
Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.
Kun vikasietotilassa, tuplaklikkaa tiedostoa SmitfraudFix.exe
Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.
Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.
Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".
Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.
==========
Laita molempien kohtien lokit, myös uusi HJTlogi
|
Member
|
14. heinäkuuta 2007 @ 13:12 |
Linkki tähän viestiin
|
Tässä siis SmitfraudFix in logi ennen vikasieto tilassa käynnistämistä:
SmitFraudFix v2.204
Scan done at 16:54:03,09, la 14.07.2007
Run from C:\Documents and Settings\acer\Ty?p?yt?\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsrw.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\PROGRA~1\DNANET~1\ANTI-S~1\fsaw.exe
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\surzzh.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\acer
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\acer\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\acer\Suosikit
C:\DOCUME~1\acer\Suosikit\Online Security Test.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\PornoPlayer\ FOUND !
C:\Program Files\Video ActiveX Access\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{cfda6372-043c-48d2-ba3c-7bfe1cf71854}"="inscenation"
[HKEY_CLASSES_ROOT\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32]
@="C:\WINDOWS\system32\surzzh.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32]
@="C:\WINDOWS\system32\surzzh.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Paketinajoituksen miniportti
DNS Server Search Order: 213.141.96.254
DNS Server Search Order: 213.141.96.253
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B25F310-39A6-42D7-8620-240078AD436B}: DhcpNameServer=213.141.96.254 213.141.96.253
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4B25F310-39A6-42D7-8620-240078AD436B}: DhcpNameServer=213.141.96.254 213.141.96.253
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4B25F310-39A6-42D7-8620-240078AD436B}: DhcpNameServer=213.141.96.254 213.141.96.253
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.141.96.254 213.141.96.253
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.141.96.254 213.141.96.253
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=213.141.96.254 213.141.96.253
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Tässä taas vikasietotilan jälkeinen logi:
SmitFraudFix v2.204
Scan done at 17:01:21,09, la 14.07.2007
Run from C:\Documents and Settings\acer\Ty?p?yt?\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{cfda6372-043c-48d2-ba3c-7bfe1cf71854}"="inscenation"
[HKEY_CLASSES_ROOT\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32]
@="C:\WINDOWS\system32\surzzh.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32]
@="C:\WINDOWS\system32\surzzh.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\surzzh.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\surzzh.dll -> Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\DOCUME~1\acer\Suosikit\Online Security Test.url Deleted
C:\Program Files\PornoPlayer\ Deleted
C:\Program Files\Video ActiveX Access\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B25F310-39A6-42D7-8620-240078AD436B}: DhcpNameServer=213.141.96.254 213.141.96.253
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4B25F310-39A6-42D7-8620-240078AD436B}: DhcpNameServer=213.141.96.254 213.141.96.253
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4B25F310-39A6-42D7-8620-240078AD436B}: DhcpNameServer=213.141.96.254 213.141.96.253
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.141.96.254 213.141.96.253
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.141.96.254 213.141.96.253
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=213.141.96.254 213.141.96.253
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Sekä viellä uusi HiJack logi:
Logfile of HijackThis v1.99.1
Scan saved at 17:11:08, on 14.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsrw.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\PROGRA~1\DNANET~1\ANTI-S~1\fsaw.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\acer\Työpöytä\scanner.exe.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.22\ShoppingReport.dll
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {51485676-59A4-4353-AC61-7CB3B6B49465} - C:\WINDOWS\system32\jkkjj.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - C:\WINDOWS\system32\byxxxvt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\fmyfikou.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\dna Nettiturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\viedsnih.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dna Nettiturva.lnk = C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.22\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.22\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: bw+0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {90A0C9C2-5946-443D-904B-48B39E0A67AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byxxxvt - C:\WINDOWS\SYSTEM32\byxxxvt.dll
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\system32\jkkjj.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dna Nettiturva (BackWeb Plug-in - 4653381) - dna Nettiturva - C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
|
|
Auttaja
Suspended permanently
|
14. heinäkuuta 2007 @ 13:27 |
Linkki tähän viestiin
|
Juup, aja vikasietotilassa ja sitten uusi hjt logi(normaalitilassa), vikasiedossa poistuminen vasta tapahtuu
|
Member
|
14. heinäkuuta 2007 @ 13:33 |
Linkki tähän viestiin
|
|
Nyt en oikein tajunnut mitä pitää tehdä :D
|
|
Auttaja
Suspended permanently
|
14. heinäkuuta 2007 @ 13:52 |
Linkki tähän viestiin
|
Miun moka, tässä uudet ohjeet :)
Avaa ohjauspaneelin lisää/poista sovellus
poista
shopreport(jos on)
logitech dekstop messenger (jos haluat)
======
1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
|
Member
|
14. heinäkuuta 2007 @ 14:14 |
Linkki tähän viestiin
|
Tässä ComboFixin logi:
"acer" - 2007-07-14 18:02:08 - ComboFix 07-07-14.6 - Service Pack 2 FAT32
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\mljhfda.dll
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\nqumhwce.dll
C:\WINDOWS\system32\qjocsasj.dll
C:\WINDOWS\system32\shdruxap.dll
C:\WINDOWS\system32\tluighyw.dll
C:\WINDOWS\system32\viedsnih.dll
C:\WINDOWS\system32\qopacigg.dll
C:\WINDOWS\system32\latonwre.dll
C:\WINDOWS\system32\fmyfikou.dll
C:\WINDOWS\system32\mljhfda.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\paxurdhs.ini
C:\WINDOWS\system32\wyhgiult.ini
C:\WINDOWS\system32\hinsdeiv.ini
C:\WINDOWS\system32\byxxxvt.dll
C:\WINDOWS\system32\byxxxvt.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\DOWNLO~1\UERSJ_0001_N68M0902NetInstaller.exe
C:\WINDOWS\system32\snwsyonp.exe
C:\WINDOWS\system32\uqvketvq.exe
C:\WINDOWS\system32\xwmanihy.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NWSAPAGENT
-------\nm
-------\NwSapAgent
((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))
2007-07-14 18:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-12 22:21 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-07-10 15:19 d--hs---- C:\FOUND.010
2007-07-07 17:29 23,552 --a------ C:\WINDOWS\system32\drivers\habu.sys
2007-07-07 17:29 14,592 --a------ C:\WINDOWS\system32\drivers\USBICP.sys
2007-07-07 17:29 d-------- C:\Program Files\Razer
2007-07-06 21:00 d-------- C:\Program Files\SpeedFan
2007-07-06 13:08 d-------- C:\Program Files\Common Files\Skype
2007-07-06 12:50 d-------- C:\Program Files\Skype
2007-07-06 12:50 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-07-04 23:06 266,272 --a------ C:\WINDOWS\system32\jkhfg.dll
2007-07-04 20:13 266,272 --a------ C:\WINDOWS\system32\ddaya.dll
2007-07-04 18:12 266,272 --a------ C:\WINDOWS\system32\pmkhg.dll
2007-07-04 17:12 266,272 --a------ C:\WINDOWS\system32\awvtr.dll
2007-07-04 16:12 266,272 --a------ C:\WINDOWS\system32\mljge.dll
2007-07-04 14:00 d-------- C:\Program Files\Share_Accelerator_MM
2007-07-04 13:53 d-------- C:\Program Files\Incomplete
2007-07-04 13:52 d-------- C:\DOCUME~1\acer\Shared
2007-07-04 13:52 d-------- C:\DOCUME~1\acer\Incomplete
2007-07-04 13:51 d-------- C:\Program Files\LimeWire
2007-07-04 13:51 d-------- C:\DOCUME~1\acer\APPLIC~1\LimeWire
2007-07-04 11:56 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-07-04 11:56 2,587 --a------ C:\WINDOWS\mozver.dat
2007-07-02 19:45 d-------- C:\Program Files\ATITool
2007-06-29 19:12 d-------- C:\Program Files\Lavalys
2007-06-24 00:29 d-------- C:\Program Files\ElcomSoft
2007-06-23 23:12 d-------- C:\Program Files\RAR Password Cracker
2007-06-20 13:23 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-06-20 13:23 d-------- C:\DOCUME~1\acer\APPLIC~1\Logitech
2007-06-20 13:19 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-06-20 13:18 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-06-20 13:18 71,680 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-06-20 13:18 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-06-20 13:18 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2007-06-20 13:18 36,736 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2007-06-20 13:18 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2007-06-20 13:18 27,264 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-06-20 13:18 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2007-06-20 13:18 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-06-20 13:18 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-06-14 12:05 d-------- C:\Program Files\Resource Tuner
2007-06-14 12:05 d-------- C:\DOCUME~1\acer\APPLIC~1\Resource Tuner
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-14 14:01:30 4,308 ----a-w C:\WINDOWS\system32\tmp.reg
2007-07-08 16:19:00 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-07-07 18:26:08 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-09 10:23:50 -------- d-----w C:\Program Files\SystemRequirementsLab
2007-06-09 10:23:18 -------- d-----w C:\DOCUME~1\acer\APPLIC~1\SystemRequirementsLab
2007-06-08 16:37:10 -------- d-----w C:\DOCUME~1\acer\APPLIC~1\Turbine
2007-06-07 15:08:40 -------- d-----w C:\Program Files\Common Files\Nero
2007-06-07 15:07:14 -------- d-----w C:\Program Files\Ahead
2007-05-28 06:35:16 -------- d-----w C:\Program Files\CDisplay
2007-05-26 21:06:06 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-26 20:26:26 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-26 20:22:44 -------- d-----w C:\Program Files\CCleaner
2007-05-26 12:21:52 7,262 ----a-w C:\dnsbak.reg
2007-05-20 13:56:20 -------- d-----w C:\Program Files\Common Files\Stardock
2007-05-20 13:56:20 -------- d-----w C:\Program Files\AlienGUIse
2007-05-17 12:55:30 -------- d-----w C:\DOCUME~1\acer\APPLIC~1\WinRAR
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2006-12-21 10:48:06 2,321 ----a-w C:\Program Files\NILE.lnk
2006-12-21 10:35:46 6,199,809 ----a-w C:\Program Files\JOTR_NILE_082604_xx.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4596013b-6c31-408b-a266-deae5c086dc2}]
2007-05-27 13:17 1326104 --a------ C:\Program Files\Share_Accelerator_MM\tbShar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
2005-12-09 16:22 786656 --a------ C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-04-07 00:02 323904 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2006-02-14 20:05 1191424 -ra------ c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
2006-01-06 16:47 847608 --a------ C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 16:42 C:\WINDOWS\soundman.exe]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"nwiz"="nwiz.exe" [2005-11-17 19:31 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 16:07]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 13:48]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 16:21]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19]
"F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.exe" [2005-10-26 04:51]
"F-Secure TNB"="C:\Program Files\dna Nettiturva\TNB\TNBUtil.exe" [2005-07-18 17:51]
"F-Secure Startup Wizard"="C:\Program Files\dna Nettiturva\FSGUI\FSSW.exe" [2005-10-18 11:29]
"News Service"="C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" [2005-05-31 15:45]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 05:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-02 20:39]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2006-08-23 11:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-12-13 15:13]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll --a------ 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\autorun.exe
directx\command- J:\DirectX9\dxsetup.exe
setup\command- J:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\Installer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
AutoRun\command- N:\Install.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
AutoRun\command- O:\OblivionLauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\T]
AutoRun\command- T:\setup.exe
Contents of the 'Scheduled Tasks' folder
2007-07-14 08:22:24 C:\WINDOWS\tasks\Scheduled scanning task.job
2007-07-14 14:15:00 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-14 18:11:30
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-14 18:13:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-14 18:13
C:\ComboFix2.txt ... 2007-04-21 21:51
--- E O F ---
|
|
Auttaja
Suspended permanently
|
14. heinäkuuta 2007 @ 14:27 |
Linkki tähän viestiin
|
Avaa Notepad ja kopioi/liitä allaolevassa lainausboxissa oleva teksti sinne:
Lainaus:
File::
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\mljge.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Tallenna se nimellä CFScript. (Tarkista että on juuri noin kirjoitettu)
Sitten raahaa CFScript ComboFix.exeen kuten alla.
Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.
=======
Laita myös uusi HijackThis logi
|
Member
|
14. heinäkuuta 2007 @ 14:36 |
Linkki tähän viestiin
|
tässä comboFixin logi:
"acer" - 2007-07-14 18:30:51 - ComboFix 07-07-14.6 - Service Pack 2 FAT32
Command switches used :: C:\Documents and Settings\acer\Ty?p?yt?\CFScript..txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\pmkhg.dll
((((((((((((((((((((((((( Files Created from 2007-06-14 to 2007-07-14 )))))))))))))))))))))))))))))))
2007-07-14 18:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-12 22:21 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-07-10 15:19 d--hs---- C:\FOUND.010
2007-07-07 17:29 23,552 --a------ C:\WINDOWS\system32\drivers\habu.sys
2007-07-07 17:29 14,592 --a------ C:\WINDOWS\system32\drivers\USBICP.sys
2007-07-07 17:29 d-------- C:\Program Files\Razer
2007-07-06 21:00 d-------- C:\Program Files\SpeedFan
2007-07-06 13:08 d-------- C:\Program Files\Common Files\Skype
2007-07-06 12:50 d-------- C:\Program Files\Skype
2007-07-06 12:50 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-07-04 14:00 d-------- C:\Program Files\Share_Accelerator_MM
2007-07-04 13:53 d-------- C:\Program Files\Incomplete
2007-07-04 13:52 d-------- C:\DOCUME~1\acer\Shared
2007-07-04 13:52 d-------- C:\DOCUME~1\acer\Incomplete
2007-07-04 13:51 d-------- C:\Program Files\LimeWire
2007-07-04 13:51 d-------- C:\DOCUME~1\acer\APPLIC~1\LimeWire
2007-07-04 11:56 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-07-04 11:56 2,587 --a------ C:\WINDOWS\mozver.dat
2007-07-02 19:45 d-------- C:\Program Files\ATITool
2007-06-29 19:12 d-------- C:\Program Files\Lavalys
2007-06-24 00:29 d-------- C:\Program Files\ElcomSoft
2007-06-23 23:12 d-------- C:\Program Files\RAR Password Cracker
2007-06-20 13:23 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-06-20 13:23 d-------- C:\DOCUME~1\acer\APPLIC~1\Logitech
2007-06-20 13:19 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-06-20 13:18 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-06-20 13:18 71,680 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-06-20 13:18 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-06-20 13:18 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2007-06-20 13:18 36,736 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2007-06-20 13:18 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2007-06-20 13:18 27,264 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-06-20 13:18 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2007-06-20 13:18 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-06-20 13:18 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-06-14 12:05 d-------- C:\Program Files\Resource Tuner
2007-06-14 12:05 d-------- C:\DOCUME~1\acer\APPLIC~1\Resource Tuner
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-14 14:01:30 4,308 ----a-w C:\WINDOWS\system32\tmp.reg
2007-07-08 16:19:00 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-07-07 18:26:08 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-09 10:23:50 -------- d-----w C:\Program Files\SystemRequirementsLab
2007-06-09 10:23:18 -------- d-----w C:\DOCUME~1\acer\APPLIC~1\SystemRequirementsLab
2007-06-08 16:37:10 -------- d-----w C:\DOCUME~1\acer\APPLIC~1\Turbine
2007-06-07 15:08:40 -------- d-----w C:\Program Files\Common Files\Nero
2007-06-07 15:07:14 -------- d-----w C:\Program Files\Ahead
2007-05-28 06:35:16 -------- d-----w C:\Program Files\CDisplay
2007-05-26 21:06:06 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-26 20:26:26 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-26 20:22:44 -------- d-----w C:\Program Files\CCleaner
2007-05-26 12:21:52 7,262 ----a-w C:\dnsbak.reg
2007-05-20 13:56:20 -------- d-----w C:\Program Files\Common Files\Stardock
2007-05-20 13:56:20 -------- d-----w C:\Program Files\AlienGUIse
2007-05-17 12:55:30 -------- d-----w C:\DOCUME~1\acer\APPLIC~1\WinRAR
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 19:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 19:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2006-12-21 10:48:06 2,321 ----a-w C:\Program Files\NILE.lnk
2006-12-21 10:35:46 6,199,809 ----a-w C:\Program Files\JOTR_NILE_082604_xx.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4596013b-6c31-408b-a266-deae5c086dc2}]
2007-05-27 13:17 1326104 --a------ C:\Program Files\Share_Accelerator_MM\tbShar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
2005-12-09 16:22 786656 --a------ C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-04-07 00:02 323904 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2006-02-14 20:05 1191424 -ra------ c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
2006-01-06 16:47 847608 --a------ C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 16:42 C:\WINDOWS\soundman.exe]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"nwiz"="nwiz.exe" [2005-11-17 19:31 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 16:07]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 13:48]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 16:21]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19]
"F-Secure Manager"="C:\Program Files\dna Nettiturva\Common\FSM32.exe" [2005-10-26 04:51]
"F-Secure TNB"="C:\Program Files\dna Nettiturva\TNB\TNBUtil.exe" [2005-07-18 17:51]
"F-Secure Startup Wizard"="C:\Program Files\dna Nettiturva\FSGUI\FSSW.exe" [2005-10-18 11:29]
"News Service"="C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe" [2005-05-31 15:45]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 05:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-02 20:39]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2006-08-23 11:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 20:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-12-13 15:13]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll --a------ 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\autorun.exe
directx\command- J:\DirectX9\dxsetup.exe
setup\command- J:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\Installer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
AutoRun\command- N:\Install.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
AutoRun\command- O:\OblivionLauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\T]
AutoRun\command- T:\setup.exe
*Newly Created Service* - CATCHME
Contents of the 'Scheduled Tasks' folder
2007-07-14 08:22:24 C:\WINDOWS\tasks\Scheduled scanning task.job
2007-07-14 15:15:02 C:\WINDOWS\tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-14 18:32:48
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-14 18:33:29
C:\ComboFix-quarantined-files.txt ... 2007-07-14 18:33
C:\ComboFix3.txt ... 2007-04-21 21:51
C:\ComboFix2.txt ... 2007-07-14 18:13
--- E O F ---
Ja tässä uusi HiJack logi:
Logfile of HijackThis v1.99.1
Scan saved at 18:35:43, on 14.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsrw.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\DNANET~1\ANTI-S~1\fsaw.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\acer\Työpöytä\scanner.exe.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\dna Nettiturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dna Nettiturva.lnk = C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dna Nettiturva (BackWeb Plug-in - 4653381) - dna Nettiturva - C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
|
|
Auttaja
Suspended permanently
|
14. heinäkuuta 2007 @ 15:51 |
Linkki tähän viestiin
|
Tallenna nämä ohjeet teksitiedostoon sillä et voi lukea niitä muuten vikasietotilassa.
==========
Avaa hijackthis merkkaa seuraavat rivi(t) ja paina fix checked, sulje muut ohjelmat siksi aikaa.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
Tässä ohje miten merkataan:
==========
1,Lataa AVG Anti-Spyware 7.5 ja tallenna ohjelma työpöydällesi. Jos sinulla on jo kyseinen ohjelma siirry suoraan kohtaan 2!
[*]Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
[*]Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
2. [*]Käynnistä AVG eAnti-Spyware.
[*]Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
[*]Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.
[*]Paina hetken kuluttua uudestaan "Start Update" , jos päivitykset eivät heti onnistu
[*]Jos automaattipäivitys ei jostain syystä toimi, niin tunnisteet voi ladata manuaalisesti http://www.ewido.net/en/download/updates/ -linkin takaa.
[*]Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
[*]Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
[*]Sitten "Reports" valikon alta:a
[*]Laita täppi kohtaan "Automatically generate report after every scan"
[*]Ota täppi pois kohdasta"Only if threats were found"
[*]Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
[*]"Resident shield is", muuta tila active:sta inactive:ksi
[*]Sulje ohjelma, ÄLÄ skannaa vielä.
Käynnistä tietokone vikasietotilaan:
HUOM! Älä käytä muita ohjelmia AVG skannauksen aikana, tämä saattaa häiritä skannausta.
[*]Kun vikasietotilassa, käynnistä AVG Anti-Spyware.
[*]Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
[*]AVG aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.
Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
[*]Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
[*]Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
[*]Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
[*]Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
[*]Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestiketjuusi.
==========
Tämä jos tunnet tietokoneesi olevan hitaan puoleinen, etkä ole eheyttänyt pitkään aikaan:
Avaa Oma tietokone
-> Tee seuraava toimenpide kaikille Paikallisille levyille
==========
Lataa CCleaner ja asenna se:
Avaa "Options", sieltä "Language" ja valitse "Suomi (Finnish)"
Avaa "Virheet" kohta, paina "Etsi rekisterin virheitä", paina "Korjaa valitut rekisterin virheet..". Paina "Kyllä", kun ohjelma kysyy "Haluatko varmuuskopioida muutokset rekisteriin", tallenna tiedosto esim. työpöydälle.
Avaa "Puhdistaja", paina "Tutki" ja tämän jälkeen "Aja Ccleaner". Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.
==========
Jos sinulla ei ole tätä java versiota (6.2): Vanha java saastuttaa helposti koneesi!
Javan päivitys ja välimuistin tyhjennys:
1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä: 
3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:
http://java.sun.com/javase/downloads/index.jsp
tai http://www.filehippo.com/download_java_runtime/
Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u2
Paina Download
Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.
(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).
8. Varmista että kaikki kaksi valintaa ovat rastitettuja:
*Applications and Applets
*Trace and Log Files
Ja paina OK -nappia
9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Klikkaa OK jättääksesi Java asetusikkunasi.
==========
Lataa Deckard's System Scanner Työpöydällesi.
Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.
[*]Sulje kaikki avoimet ikkunat ja ohjelmat.
[*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
[*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
[*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
[*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.
Myös AVG as raportti
|
Member
|
14. heinäkuuta 2007 @ 19:20 |
Linkki tähän viestiin
|
tässä dss tekemät logit:
Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6
CPU 0: AMD Athlon(tm) 64 Processor 3400+
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 1022.48 MiB / 483.81 MiB
Pagefile Memory (total/avail): 2459.45 MiB / 1939.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1954.49 MiB
C: is Fixed (FAT32) - 114.22 GiB total, 15.9 GiB free.
D: is Fixed (FAT32) - 114.71 GiB total, 81.45 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (CDFS)
K: is CDROM (CDFS)
L: is CDROM (CDFS)
M: is CDROM (No Media)
N: is CDROM (UDF)
O: is CDROM (UDF)
P: is CDROM (No Media)
Q: is CDROM (No Media)
R: is CDROM (No Media)
T: is CDROM (CDFS)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: Lumo Nettiturva 6.15 v6.15 (F-Secure Corporation)
AV: Lumo Nettiturva 6.15 v6.15 (F-Secure Corporation)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe"="C:\\Program Files\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe:*:Enabled:lotroclient.exe"
"C:\\Program Files\\dna Nettiturva\\backweb\\4653381\\Program\\fspex.exe"="C:\\Program Files\\dna Nettiturva\\backweb\\4653381\\Program\\fspex.exe:*:Enabled:dna Nettiturva"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:*:Enabled:Media Synchronizer"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\acer\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACER-7BF6611A01
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\acer
LOGONSERVER=\\ACER-7BF6611A01
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;C:\PROGRA~1\THRIXXX\3D SexVilla;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\acer\LOCALS~1\Temp
TMP=C:\DOCUME~1\acer\LOCALS~1\Temp
USERDOMAIN=ACER-7BF6611A01
USERNAME=acer
USERPROFILE=C:\Documents and Settings\acer
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
acer (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\dna Nettiturva\fsuninst.exe" /UninstRegKey:"News Service"
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Euroword2004\ST6UNST.000"
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAB2EE2E-EF1F-4410-BA50-C3BFBE651F92}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAB2EE2E-EF1F-4410-BA50-C3BFBE651F92}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eConsole --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}\setup.exe" -l0xb
Acer eMode Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}\setup.exe" -l0xb
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Advanced RAR Password Recovery (remove only) --> C:\Program Files\ElcomSoft\ARPR\uninstall.exe
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0xb
ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Automaattiset valikot (Windows Live Toolbar) --> MsiExec.exe /X{F4D41310-D167-41F9-B3C0-0E6E6CF95B78}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Canon MP Navigator 2.0 --> "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP150 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Creative Mass Storage Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9 /remove
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Nano Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA63612E-0458-416A-ADCD-B2349194F20F}\SETUP.EXE" -l0x9 /remove
Croc 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fox\Croc 2\Uninst.isu"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DOOM II --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DOOM II\DOOM II\DOOMII.isu"
Doomsday Engine 1.9.0-beta4 --> "C:\Program Files\Doomsday\unins000.exe"
DVD Rebuilder --> "C:\Program Files\DVD-RB PRO\unins000.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Euroword 2004 Pro --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Euroword2004\ST6UNST.LOG"
EVEREST Corporate Edition v4.00 --> "C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
EVEREST Ultimate Edition v3.00 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Flatout 2 (RE) --> MsiExec.exe /I{AF7486F0-B276-41D7-AB7E-94042C2ECCFC}
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Grand Theft Auto Vice City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
GTK+ 2.8.9 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\unins000.exe"
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Hotfix-päivitys Windows XP:lle (KB893357) --> "C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix-päivitys Windows XP:lle (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
ImageShack Toolbar for Internet Explorer --> MsiExec.exe /I{CE1F9C01-3427-4590-8457-53CE02ACDC80}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1035
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Joint Operations: Typhoon Rising --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\setup.exe" -l0x9
Kellogg's FROSTIES GR-R-RAND PRIX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{766EFF4A-D9A3-46F8-8159-DE2A7BC3816B}\setup.exe" -l0x9
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
LimeWire PRO 4.13.8 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{648F9C94-EC44-487B-9DA4-44ED72A082CC}\setup.exe" -l0xb
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0xb -removeonly
Lumo Nettiturva --> C:\PROGRA~1\DNANET~1\Common\fsbwih.exe /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mount&Blade --> C:\Program Files\Mount&Blade\uninstall.exe
Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
Music Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x9
Need for Speed? Carbon --> C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Need for Speed? Most Wanted --> C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nile --> MsiExec.exe /I{D7DF9A90-2550-42E5-8DF6-F6754278F654}
NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NTI HomeVideo-Maker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8A6F713-D72D-47AD-A92D-B5C0E13F98C1}\setup.exe" -l0x9
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PunkBuster for Joint Operations: Typhoon Rising --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}\setup.exe" -l0x9
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1035
RAR Password Cracker 4.12 --> C:\Program Files\RAR Password Cracker\uninstall.exe
Razer Habu Config --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32CF189D-52BB-4C1C-8F93-97E8F3CDDC95}\setup.exe" -l0x9 -removeonly
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0xb -removeonly
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Resource Tuner 1.99 --> "C:\Program Files\Resource Tuner\unins000.exe"
Rise and Fall Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBDAACDF-D405-48EF-B803-EA44CDB68455}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Selaus välilehtiä käyttäen (Windows Live Toolbar) --> MsiExec.exe /X{E998BBC8-DDF8-4309-90BE-943EBAA21DDF}
Share Accelerator MM Toolbar --> C:\PROGRA~1\SHARE_~1\UNWISE.EXE C:\PROGRA~1\SHARE_~1\INSTALL.LOG
Skype? Beta 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony PSP Media Manager 1.0 --> MsiExec.exe /X{ECB74828-944D-473A-BF6E-FBF596166815}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spyware Doctor 3.5 --> "C:\Program Files\Spyware Doctor\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Sqirlz Lite --> C:\WINDOWS\Sqirlz Lite Uninstaller.exe
Suojauspäivitys Windows XP:lle (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Suomalainen kevätteema Windows XP -käyttöjärjestelmälle --> MsiExec.exe /X{A902FF83-3CFE-47AA-AEEF-CEB317F08D5F}
SWAT 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8} uninstall
Syötteen tunnistus (Windows Live Toolbar) --> MsiExec.exe /X{E21EFD13-360A-428F-B0E4-A3BAB8E6EBDC}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Lord of the Rings Online?: Shadows of Angmar? v07.12.30.70 --> "C:\Program Files\Codemasters\The Lord of the Rings Online\unins000.exe"
TUGZip 3.4 --> "C:\Program Files\TUGZip\unins000.exe"
Ultra Screen Saver Maker --> "C:\Program Files\Ultra Screen Saver Maker\Uninstall.exe" "C:\Program Files\Ultra Screen Saver Maker\install.log"
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Live Toolbar --> MsiExec.exe /X{2CE1413E-6B0F-4150-8E15-EC8090DFBA81}
Windows Live Toolbarin laajennus (Windows Live Toolbar) --> MsiExec.exe /X{8DCD30AA-7082-4120-9EFE-77E24BA5EA55}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinISO 5.3 --> "C:\Program Files\WinISO\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wolfenstein - Enemy Territory --> C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
Worms 4 Mayhem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}\setup.exe" -l0x9 -removeonly
Xpand Rally --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{252436F1-9583-4AD7-AA11-619AFFB96543} /Z"UNINSTALL"
Xtreme Desktop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E742E0-DF42-4685-A210-B26445939248}\setup.exe" -l0x9 -removeonly
-- End of Deckard's System Scanner: finished at 2007-07-14 at 22:54:05 ---------
Deckard's System Scanner v20070711.54
Run by acer on 2007-07-14 at 22:51:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2007-07-14 19:51:46 UTC - RP39 - Deckard's System Scanner Restore Point
2: 2007-07-14 15:00:01 UTC - RP38 - Poistettu Logitech Desktop Messenger
1: 2007-07-14 11:27:59 UTC - RP37 - Järjestelmän tarkistuspiste
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as acer.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:52:43, on 14.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsrw.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\DNANET~1\ANTI-S~1\fsaw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\acer\Työpöytä\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\ilmari\SKANNA~1\acer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\dna Nettiturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dna Nettiturva.lnk = C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dna Nettiturva (BackWeb Plug-in - 4653381) - dna Nettiturva - C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Darkstar Icons\Darkstar.icl,41
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Darkstar Icons\Darkstar.icl,33
.txt - txtfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Darkstar Icons\Darkstar.icl,35
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys
R0 giveio - c:\windows\system32\giveio.sys
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys
R0 speedfan - c:\windows\system32\speedfan.sys
R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys
R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\dna nettiturva\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\dna nettiturva\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\dna nettiturva\anti-virus\win2k\fsrec.sys
R2 int15.sys - c:\acer\empowering technology\erecovery\int15.sys
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 catchme - c:\docume~1\acer\locals~1\temp\catchme.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Acer Media Server - "c:\program files\acer\acer econsole\mediaserverservice.exe" Acer Inc.; Acer Media Server>
R2 BackWeb Plug-in - 4653381 (dna Nettiturva) - c:\progra~1\dnanet~1\backweb\4653381\program\servic~1.exe
R2 fsbwsys - "c:\program files\dna nettiturva\backweb\4653381\program\fsbwsys.exe"
R2 F-Secure Gatekeeper Handler Starter (FSGKHS) - "c:\program files\dna nettiturva\anti-virus\fsgk32st.exe"
R2 FSMA - "c:\program files\dna nettiturva\common\fsma32.exe"
R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\program files\dna nettiturva\fwes\program\fsdfwd.exe"
-- Scheduled Tasks -------------------------------------------------------------
2007-07-14 21:15:02 256 --a------ C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
2007-07-14 11:22:24 568 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job
-- Files created between 2007-06-14 and 2007-07-14 -----------------------------
2007-07-14 21:29:07 0 d-------- C:\Documents and Settings\acer\Application Data\Grisoft
2007-07-14 21:28:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-14 13:42:14 0 dr-h----- C:\Documents and Settings\acer\Recent
2007-07-12 22:21:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-07-10 15:19:58 0 d--hs---- C:\FOUND.010
2007-07-07 17:29:14 14592 --a------ C:\WINDOWS\system32\drivers\USBICP.sys
2007-07-07 17:29:07 0 d-------- C:\Program Files\Razer
2007-07-06 21:00:22 0 d-------- C:\Program Files\SpeedFan
2007-07-06 13:08:02 0 d-------- C:\Program Files\Common Files\Skype
2007-07-06 12:50:42 0 d-------- C:\Program Files\Skype
2007-07-06 12:50:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-07-04 14:00:39 0 d-------- C:\Program Files\Share_Accelerator_MM
2007-07-04 13:53:02 0 d-------- C:\Program Files\Incomplete
2007-07-04 13:52:07 0 d-------- C:\Documents and Settings\acer\Shared
2007-07-04 13:52:06 0 d-------- C:\Documents and Settings\acer\Incomplete
2007-07-04 13:51:52 0 d-------- C:\Documents and Settings\acer\Application Data\LimeWire
2007-07-04 13:51:44 0 d-------- C:\Program Files\LimeWire
2007-07-04 11:56:39 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-07-04 11:56:38 2587 --a------ C:\WINDOWS\mozver.dat
2007-07-02 19:45:02 0 d-------- C:\Program Files\ATITool
2007-06-29 19:12:03 0 d-------- C:\Program Files\Lavalys
2007-06-24 00:29:25 0 d-------- C:\Program Files\ElcomSoft
2007-06-23 23:12:03 0 d-------- C:\Program Files\RAR Password Cracker
2007-06-20 13:23:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-06-20 13:23:39 0 d-------- C:\Documents and Settings\acer\Application Data\Logitech
2007-06-20 13:18:32 3712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2007-06-20 13:18:30 53248 --a------ C:\WINDOWS\system32\KemXML.dll
2007-06-20 13:18:30 110592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-06-20 13:18:30 126976 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-06-20 13:18:30 155648 --a------ C:\WINDOWS\system32\kemutb.dll
2007-06-14 12:05:36 0 d-------- C:\Documents and Settings\acer\Application Data\Resource Tuner
2007-06-14 12:05:31 0 d-------- C:\Program Files\Resource Tuner
-- Find3M Report ---------------------------------------------------------------
2007-07-14 17:01:30 4308 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-07 21:26:08 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll Sony DADC Austria AG.; >
2007-06-09 13:23:50 0 d-------- C:\Program Files\SystemRequirementsLab
2007-06-09 13:23:18 0 d-------- C:\Documents and Settings\acer\Application Data\SystemRequirementsLab
2007-06-08 19:37:10 0 d-------- C:\Documents and Settings\acer\Application Data\Turbine
2007-06-07 18:08:40 0 d-------- C:\Program Files\Common Files\Nero
2007-06-07 18:07:14 0 d-------- C:\Program Files\Ahead
2007-05-28 09:35:16 0 d-------- C:\Program Files\CDisplay
2007-05-27 00:06:06 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-27 00:06:04 0 d-------- C:\Documents and Settings\acer\Application Data\Mozilla
2007-05-26 23:26:26 0 d-------- C:\Program Files\SpywareBlaster
2007-05-26 23:22:44 0 d-------- C:\Program Files\CCleaner
2007-05-26 15:21:52 7262 --a------ C:\dnsbak.reg
2007-05-20 16:56:20 0 d-------- C:\Program Files\Common Files\Stardock
2007-05-20 16:56:20 0 d-------- C:\Program Files\AlienGUIse
2007-05-17 15:55:30 0 d-------- C:\Documents and Settings\acer\Application Data\WinRAR
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4596013b-6c31-408b-a266-deae5c086dc2} C:\Program Files\Share_Accelerator_MM\tbShar.dll
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
{B56A7D7D-6927-48C8-A975-17DF180C71AC} C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"SoundMan"="SOUNDMAN.EXE"
"ntiMUI"="c:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"nwiz"="nwiz.exe /install"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"AspireService"="C:\\Program Files\\Acer\\Acer eMode Management\\AspireService.exe"
"MediaSync"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"
"F-Secure Manager"="\"C:\\Program Files\\dna Nettiturva\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\dna Nettiturva\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\dna Nettiturva\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\dna Nettiturva\\FSGUI\\ispnews.exe\""
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Habu"="C:\\Program Files\\Razer\\Habu\\razerhid.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\autorun.exe
Shell\directx\command J:\DirectX9\dxsetup.exe
Shell\setup\command J:\setup.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
Shell\AutoRun\command K:\Autorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
Shell\AutoRun\command L:\Installer.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N]
Shell\AutoRun\command N:\Install.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\T]
Shell\AutoRun\command T:\setup.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS
-- End of Deckard's System Scanner: finished at 2007-07-14 at 22:54:05 ---------
Ajoin kyllä tuon AVG anti-spyware ohjelma vikasietotilassa mutta epähuomiossa minulta jäi painamatta tuo "Save report as" painike joten minulla ei nyt AVG n tekemää logia ole mutta jos se on välttämätön voin kyllä ajaa ohjelma uudestaan ja laittaa tuon login sonulle nähtäväksi
|
|
Auttaja
Suspended permanently
|
14. heinäkuuta 2007 @ 19:29 |
Linkki tähän viestiin
|
Avaa hijackthis merkkaa seuraavat rivi(t) ja paina fix checked, sulje muut ohjelmat siksi aikaa.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
Tässä ohje miten merkataan:
=======
Jos sinulla ei ole tätä java versiota (6.2): Vanha java saastuttaa helposti koneesi!
Javan päivitys ja välimuistin tyhjennys:
1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä:
3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:
http://java.sun.com/javase/downloads/index.jsp
tai http://www.filehippo.com/download_java_runtime/
Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u2
Paina Download
Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.
(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).
8. Varmista että kaikki kaksi valintaa ovat rastitettuja:
*Applications and Applets
*Trace and Log Files
Ja paina OK -nappia
9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Klikkaa OK jättääksesi Java asetusikkunasi.
==========
Uusi Hijackthislogi
|
Member
|
15. heinäkuuta 2007 @ 10:36 |
Linkki tähän viestiin
|
Tässä uusi HijackThis logini:
Logfile of HijackThis v1.99.1
Scan saved at 14:35:45, on 15.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\DNANET~1\backweb\4653381\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsgk32st.exe
C:\Program Files\dna Nettiturva\Anti-Virus\FSGK32.EXE
C:\Program Files\dna Nettiturva\backweb\4653381\program\fsbwsys.exe
C:\Program Files\dna Nettiturva\Common\FSMA32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fssm32.exe
C:\Program Files\dna Nettiturva\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\dna Nettiturva\Common\FCH32.EXE
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\dna Nettiturva\Common\FAMEH32.EXE
C:\Program Files\dna Nettiturva\Anti-Virus\fsqh.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsrw.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\dna Nettiturva\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\dna Nettiturva\Common\FSM32.EXE
C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\dna Nettiturva\Anti-Virus\fsav32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\DNANET~1\ANTI-S~1\fsaw.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\dna Nettiturva\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
D:\ilmari\Skannaus ohjelmat\scanner.exe.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\dna Nettiturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\dna Nettiturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\dna Nettiturva\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\dna Nettiturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dna Nettiturva.lnk = C:\Program Files\dna Nettiturva\backweb\4653381\Program\fspex.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\dna Nettiturva\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
|
|
Mainos
|
|
|
|
Auttaja
Suspended permanently
|
15. heinäkuuta 2007 @ 11:13 |
Linkki tähän viestiin
|
Pysy puhtaana
-> Tyhjennä järjestelmänpalautus Ohjeet
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.
-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.
-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas
-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin.
Opas saatavilla suomeksi! Nimimerkki Axelin opas
-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.
-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti.
-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.
ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm
->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.
->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI
Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa Hijackthis-logia tarkistettavaksi!
|
|
