AfterDawn.com Mainosta sivuillamme
User Käyttäjä Salasana  
  Puuttuuko tunnus? Liity jäseneksi nyt!.
Salasana hukassa? Klikkaa tästä. 		 
  Etusivu   Uutiset   Oppaat   Ohjelmat   Sanasto   Laitevertailu   Profiilit   Keskustelu  
 Yksityisviestit     Luo uusi yksityisviesti     Kaikki uudet viestit     Ilman vastauksia olevat viestiketjut     Hae viestejä
perjantai 1.8.2025 / 00:54
Hae keskustelualueilta:        In English   Suomeksi   På svenska
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > miten saan poistettua tiedoston+ hjt-loki
Näytä aiheet
 
Keskustelualueet
Keskustelualueet
Miten saan poistettua tiedoston+ hjt-loki
  Siirry:
 
Kirjoittaja Viesti
pixies
Member

2 tuotearviota
_ 		14. heinäkuuta 2007 @ 13:26 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
"O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe"

Tuon haluan ainakin poistaa,mutta kone ei anna. Asensin ohjelman jatuo tuli yllätyksenä mukana+ 5 troijalaistajotka f-secure torjui.Mitäs muutapitää poistaa.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:45, on 14.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7087 bytes
[ + lainaa]
Auttaja
Suspended permanently
_ 		14. heinäkuuta 2007 @ 13:55 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Moi, tuo palvelu on ihan ok. F-secure luultavasti vaan valitti ohjelman mukana tulevasta mainosohjelmasta

=======

Lataa Deckard's System Scanner Työpöydällesi.

Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.

[*]Sulje kaikki avoimet ikkunat ja ohjelmat.
[*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
[*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
[*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
[*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.
[ + lainaa]
Don´t send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5)Hijackthis login lähettämisohjeet (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For exampe MSG+ is there. Another list
pixies
Member

2 tuotearviota
_ 		15. heinäkuuta 2007 @ 07:20 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Tämmöstä tuli ulos:

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 511.49 MiB / 160.16 MiB
Pagefile Memory (total/avail): 1249.69 MiB / 934.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1960.79 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 57.24 GiB total, 41.19 GiB free.
D: is Fixed (NTFS) - 57.25 GiB total, 14.13 GiB free.
E: is CDROM (Unformatted)
F: is CDROM (Unformatted)
Z: is Fixed (Ext2) - 74.9 GiB total, 55.02 GiB free.


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: F-Secure Internet Security 2006 6.10 v6.10 (F-Secure Corporation)
AV: F-Secure Internet Security 2006 6.10 v6.10 (F-Secure Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe"="C:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe:*:Enabled:F-Secure 2006"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe"="C:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe:*:Enabled:F-Secure 2006"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mikko Itkonen\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MIGIMBO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mikko Itkonen
LOGONSERVER=\\MIGIMBO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MIKKOI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MIKKOI~1\LOCALS~1\Temp
USERDOMAIN=MIGIMBO
USERNAME=Mikko Itkonen
USERPROFILE=C:\Documents and Settings\Mikko Itkonen
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mikko Itkonen (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Apple Mobile Device Support -tuki --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DScaler 4.1.15 --> "C:\Program Files\DScaler\unins000.exe"
Ext2 IFS 1.10c for Windows XP --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 130 Ext2Ifs_for_NT501.inf
F-Secure Internet Security 2006 --> C:\PROGRA~1\F-SECU~1\Common\fsbwih.exe /uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Nero 7 --> MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of Deckard's System Scanner: finished at 2007-07-15 at 11:13:56 ---------


Deckard's System Scanner v20070711.54
Run by Mikko Itkonen on 2007-07-15 at 11:11:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2007-07-15 15:11:56 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2007-07-14 21:13:48 UTC - RP15 - Software Distribution Service 3.0
14: 2007-07-14 20:15:23 UTC - RP14 - Software Distribution Service 3.0
13: 2007-07-14 18:52:09 UTC - RP13 - Installed Nero 7
12: 2007-07-14 18:46:39 UTC - RP12 - Installed DirectX


-- First Restore Point --
1: 2007-07-11 20:50:09 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Mikko Itkonen.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:34, on 15.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mikko Itkonen\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mikko Itkonen.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'NETWORK SERVICE')
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7247 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070714-172200-457 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
backup-20070714-172216-920 O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys
R1 Ext2fs - c:\windows\system32\drivers\ext2fs.sys
R1 IfsDrives - c:\windows\system32\drivers\ifsdrives.sys
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure internet security\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\f-secure internet security\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure internet security\anti-virus\win2k\fsrec.sys

S3 DSDrv4 - c:\program files\dscaler\dsdrv4.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 BackWeb Plug-in - 4476822 (F-Secure 2006) - c:\progra~1\f-secu~1\backweb\4476822\program\servic~1.exe
R2 fsbwsys - "c:\program files\f-secure internet security\backweb\4476822\program\fsbwsys.exe"
R2 F-Secure Gatekeeper Handler Starter (FSGKHS) - "c:\program files\f-secure internet security\anti-virus\fsgk32st.exe"
R2 FSMA - "c:\program files\f-secure internet security\common\fsma32.exe"
R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\program files\f-secure internet security\fwes\program\fsdfwd.exe"
R3 fshttps (F-Secure HTTP Server) - "c:\program files\f-secure internet security\fspc\fshttps\fshttps.exe"

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-07-15 11:03:58 568 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job
2007-07-11 17:05:40 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-06-15 and 2007-07-15 -----------------------------

2007-07-15 11:08:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-07-14 17:20:14 0 d-------- C:\Program Files\Trend Micro
2007-07-14 16:56:24 0 dr-h----- C:\Documents and Settings\Mikko Itkonen\Recent
2007-07-14 16:54:08 0 d-------- C:\Program Files\Yahoo!
2007-07-14 16:53:59 0 d-------- C:\Program Files\CCleaner
2007-07-14 16:34:05 0 d-------- C:\Program Files\Alcohol Soft
2007-07-14 16:31:10 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-14 14:58:57 0 d-------- C:\Documents and Settings\Mikko Itkonen\Application Data\Ahead
2007-07-14 14:57:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-07-14 14:52:32 0 d-------- C:\Program Files\Nero
2007-07-14 14:52:32 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-14 14:52:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-14 14:49:40 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-14 14:29:41 0 d-------- C:\Program Files\MagicISO
2007-07-14 06:56:10 0 d-------- C:\Program Files\MSN Messenger
2007-07-14 05:33:33 0 d-------- C:\Program Files\Winamp
2007-07-14 05:09:22 0 d-------- C:\Documents and Settings\Mikko Itkonen\Application Data\F-Secure
2007-07-14 05:01:06 33584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-07-14 05:01:06 70864 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-07-14 05:00:59 1691648 --a------ C:\WINDOWS\system32\winsflte.dll
2007-07-14 05:00:59 1155072 --a------ C:\WINDOWS\system32\winsflt.dll
2007-07-14 05:00:59 1216512 --a------ C:\WINDOWS\system32\cfgmig32.dll
2007-07-14 05:00:59 0 d-------- C:\WINDOWS\rnapxs
2007-07-14 05:00:57 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-07-14 04:58:54 0 d-------- C:\Program Files\F-Secure Internet Security
2007-07-14 04:56:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-07-14 04:52:22 0 d-------- C:\Program Files\BitLord
2007-07-14 04:47:04 0 d-------- C:\Documents and Settings\Mikko Itkonen\Application Data\WinRAR
2007-07-12 13:53:27 200704 --a------ C:\WINDOWS\system32\IfsDrives.dll
2007-07-12 13:53:27 4608 --a------ C:\WINDOWS\system32\drivers\IfsDrives.sys
2007-07-12 13:53:27 132736 --a------ C:\WINDOWS\system32\drivers\ext2fs.sys
2007-07-11 23:43:22 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-07-11 23:43:12 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-11 23:43:12 0 d-------- C:\WINDOWS\Prefetch
2007-07-11 23:43:11 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-07-11 23:43:11 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-07-11 23:43:11 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-07-11 23:43:11 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-07-11 23:43:11 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-07-11 23:43:02 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-07-11 23:43:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-07-11 23:43:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-07-11 23:43:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-07-11 23:43:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-07-11 23:38:49 0 d-------- C:\WINDOWS\system32\xircom
2007-07-11 23:38:49 0 d-------- C:\Program Files\microsoft frontpage
2007-07-11 23:38:31 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-07-11 23:38:23 0 -rahs---- C:\MSDOS.SYS
2007-07-11 23:38:23 0 -rahs---- C:\IO.SYS
2007-07-11 23:38:23 0 --a------ C:\CONFIG.SYS
2007-07-11 23:38:23 0 --a------ C:\AUTOEXEC.BAT
2007-07-11 23:36:53 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-07-11 23:36:40 0 dr------- C:\WINDOWS\Offline Web Pages
2007-07-11 23:36:39 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-07-11 23:36:27 0 d--h----- C:\Program Files\WindowsUpdate
2007-07-11 23:36:22 0 d-------- C:\Program Files\Online Services
2007-07-11 23:36:06 0 d-------- C:\WINDOWS\system32\DirectX
2007-07-11 23:35:38 0 d---s---- C:\WINDOWS\Tasks
2007-07-11 23:35:38 0 d-------- C:\Program Files\Common Files\MSSoap
2007-07-11 23:35:35 0 d-------- C:\WINDOWS\srchasst
2007-07-11 23:35:34 0 d-------- C:\WINDOWS\system32\Macromed
2007-07-11 23:35:27 0 d-------- C:\Program Files\Movie Maker
2007-07-11 23:35:21 0 d-------- C:\WINDOWS\system32\Restore
2007-07-11 23:34:37 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-11 23:34:19 0 d-------- C:\WINDOWS\Registration
2007-07-11 23:34:03 0 d-------- C:\Program Files\MSN Gaming Zone
2007-07-11 23:33:40 0 d-------- C:\Program Files\Windows NT
2007-07-11 23:33:37 0 d-------- C:\WINDOWS\system32\MsDtc
2007-07-11 23:33:36 0 d-------- C:\WINDOWS\system32\Com
2007-07-11 19:23:30 0 d--hs---- C:\WINDOWS\Installer
2007-07-11 19:23:29 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-11 19:23:26 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-11 19:23:25 0 dr------- C:\Program Files
2007-07-11 19:23:00 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-07-11 19:23:00 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-07-11 19:23:00 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-07-11 19:23:00 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-07-11 19:23:00 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-07-11 19:23:00 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-07-11 19:23:00 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-07-11 19:23:00 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-07-11 19:23:00 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-07-11 19:23:00 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-07-11 19:23:00 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-07-11 19:23:00 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-07-11 19:23:00 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-07-11 19:23:00 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-07-11 19:23:00 0 dr------- C:\Documents and Settings\All Users\Documents
2007-07-11 19:23:00 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-07-11 19:22:46 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-07-11 19:22:46 0 d-------- C:\WINDOWS\system32\CatRoot
2007-07-11 19:22:41 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-07-11 19:22:41 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-07-11 19:22:40 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-07-11 19:22:40 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-07-11 19:22:20 0 d-------- C:\Documents and Settings
2007-07-11 19:22:19 0 d--hs---- C:\System Volume Information
2007-07-11 19:17:49 0 d-------- C:\WINDOWS
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\WinSxS
2007-07-11 19:17:49 0 dr------- C:\WINDOWS\Web
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\twain_32
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\wins
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\wbem
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\usmt
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\spool
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\ShellExt
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\Setup
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\ras
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\oobe
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\npp
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\mui
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\inetsrv
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\IME
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\icsxml
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\ias
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\export
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\drivers
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-07-11 19:17:49 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\dhcp
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\config
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\3076
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\2052
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\1054
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\1042
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\1041
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\1037
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\1033
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\1031
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\1028
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system32\1025
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\system
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\security
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\Resources
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\repair
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\Provisioning
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\PeerNet
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\pchealth
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\NLDRV
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\mui
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\msapps
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\msagent
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\Media
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\java
2007-07-11 19:17:49 0 d--h----- C:\WINDOWS\inf
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\ime
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\Help
2007-07-11 19:17:49 0 dr--s---- C:\WINDOWS\Fonts
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\ehome
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\Driver Cache
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\Debug
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\Cursors
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\Connection Wizard
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\Config
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\AppPatch
2007-07-11 19:17:49 0 d-------- C:\WINDOWS\addins
2007-07-11 18:51:28 0 d-------- C:\Program Files\DScaler
2007-07-11 18:41:07 0 d-------- C:\Program Files\VideoLAN
2007-07-11 17:22:16 0 d-------- C:\Program Files\Avance Sound Manager
2007-07-11 17:22:14 0 d-------- C:\Program Files\AvRack
2007-07-11 17:22:13 208896 -----n--- C:\WINDOWS\alcupd.exe
2007-07-11 17:22:13 135168 -----n--- C:\WINDOWS\alcrmv.exe
2007-07-11 17:21:38 0 d-------- C:\Program Files\Intel
2007-07-11 17:21:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-11 17:15:38 0 d-------- C:\WINDOWS\system32\PreInstall
2007-07-11 17:15:36 0 d--h----- C:\WINDOWS\$hf_mig$
2007-07-11 17:12:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-07-11 17:12:00 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-11 17:10:51 1007 --a------ C:\WINDOWS\mozver.dat
2007-07-11 17:10:34 0 d-------- C:\WINDOWS\nview
2007-07-11 17:10:29 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-07-11 17:10:14 0 d-------- C:\Program Files\Common Files\InstallShield
2007-07-11 17:10:09 0 d-------- C:\NVIDIA
2007-07-11 17:08:13 0 d-------- C:\Documents and Settings\Mikko Itkonen\Application Data\Macromedia
2007-07-11 17:06:28 0 d-------- C:\Documents and Settings\Mikko Itkonen\Application Data\Apple Computer
2007-07-11 17:06:19 0 d-------- C:\Program Files\iPod
2007-07-11 17:06:17 0 d-------- C:\Program Files\iTunes
2007-07-11 17:05:52 0 d-------- C:\Program Files\QuickTime
2007-07-11 17:05:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-07-11 17:05:37 0 d-------- C:\Program Files\Apple Software Update
2007-07-11 17:05:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-11 17:05:19 0 d-------- C:\Program Files\Common Files\Apple
2007-07-11 17:05:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-11 16:54:23 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-11 16:54:20 0 d-------- C:\Documents and Settings\Mikko Itkonen\Application Data\Mozilla
2007-07-11 16:49:30 0 d-------- C:\Documents and Settings\Mikko Itkonen\Application Data\Identities
2007-07-11 16:49:23 0 dr------- C:\Documents and Settings\Mikko Itkonen\Favorites
2007-07-11 16:49:23 0 d-------- C:\Documents and Settings\Mikko Itkonen\Desktop
2007-07-11 16:49:23 0 d---s---- C:\Documents and Settings\Mikko Itkonen\Cookies
2007-07-11 16:49:23 0 dr-h----- C:\Documents and Settings\Mikko Itkonen\Application Data
2007-07-11 16:49:22 0 d--hs---- C:\WINDOWS\CSC
2007-07-11 16:49:22 0 d--h----- C:\Documents and Settings\Mikko Itkonen\Templates
2007-07-11 16:49:22 0 dr------- C:\Documents and Settings\Mikko Itkonen\Start Menu
2007-07-11 16:49:22 0 dr-h----- C:\Documents and Settings\Mikko Itkonen\SendTo
2007-07-11 16:49:22 0 d--h----- C:\Documents and Settings\Mikko Itkonen\PrintHood
2007-07-11 16:49:22 1048576 --ah----- C:\Documents and Settings\Mikko Itkonen\NTUSER.DAT
2007-07-11 16:49:22 0 d--h----- C:\Documents and Settings\Mikko Itkonen\NetHood
2007-07-11 16:49:22 0 dr------- C:\Documents and Settings\Mikko Itkonen\My Documents
2007-07-11 16:49:22 0 d--h----- C:\Documents and Settings\Mikko Itkonen\Local Settings
2007-07-11 16:48:37 0 d-------- C:\WINDOWS\system32\SoftwareDistribution


-- Find3M Report ---------------------------------------------------------------

2007-07-11 19:23:00 62 --ahs---- C:\Documents and Settings\Mikko Itkonen\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SoundMan"="SOUNDMAN.EXE"
"F-Secure Manager"="\"C:\\Program Files\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure Internet Security\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\FSSW.EXE\" /reboot"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoResolveSearch"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoResolveSearch"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-07-15 at 11:13:56 ---------
[ + lainaa]
Mainos
_ 		__
 
_
Auttaja
Suspended permanently
_ 		15. heinäkuuta 2007 @ 07:46 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
kopioi seuraavat rivit esim notepad:in

Lainaus:
@echo off
sc stop StarWindService
sc delete StarWindService
Tallenna nimellä FIX.BAT työpöydälle muotoon kaikki tiedostot

tuplaklikka hiirellä FIX.BAT :a

poista kansio C:\Program Files\Alcohol Soft\, jos välttämättä haluat tuosta rivistä eroon.

[ + lainaa]
Don´t send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5)Hijackthis login lähettämisohjeet (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For exampe MSG+ is there. Another list
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > miten saan poistettua tiedoston+ hjt-loki
 

Apua ongelmiin: AfterDawnin keskustelualueet | AfterDawnin Vastaukset
Uutiset: IT-alan uutiset | Uutisia puhelimista
Musiikkia: MP3Lizard.com
Tuotearviot: Laitevertailu | Vertaa puhelimia | Vertaa kännykkäliittymiä
Pelit: Pelitiedostot, pelidemot ja trailerit
Ohjelmat: download.fi | AfterDawnin ohjelma-alueet
International: AfterDawn in English | Software downloads | Free, legal MP3s | AfterDawn på svenska
RSS -syötteet: AfterDawnin uutiset | Uusimmat ohjelmapäivitykset | Keskustelualueiden viestit
Tietoja: Tietoa AfterDawn Oy:stä | Mainosta sivuillamme | Sivuston käyttöehdot ja tietoja yksityisyydensuojasta
Ota yhteyttä: Lähetä palautetta | Ota yhteyttä mainosmyyntiimme
 
  © 1999-2025 AfterDawn Oy