Koneeseen iski virus (ei muistu mikä) f-secure hoiti asiansa, tai niin ainakin luulen. MUTTA netti alkoi katkeilemaan, renew ip ja taas toimii hetken kunnes hukkuu jälleen... mistä tätä kannattasi alkaa selvittä? pistin nyt ton login jos siitä on apua?
f-sucure ei löydä enää mitään,ei myöskään windows defender, s&d, ad aware ja ccleaner.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:20, on 31.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\Tanagra\Memeo\MemeoService.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
D:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
D:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
D:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
D:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [CTFMon] F:\TOPFIELD\fkl\familykeylogger\asen\CTF\ctfmon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "D:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Memeo Launcher.lnk = C:\Documents and Settings\M i k a\Application Data\Microsoft\Installer\{78A39E62-605C-4E8E-9674-31E03BEC29B7}\_8F1B0A23F0AC40B99A091F7F3D92B106.exe
O4 - Global Startup: F-Secure 2006.lnk = D:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Block this popup - D:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} -
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - D:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - D:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - -C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - -"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Unknown owner - -"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" (file missing)
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - -"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" (file missing)
O23 - Service: Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 11837 bytes

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

===============0

Escan
Ohjeet tuolla sivulla.
http://koti.mbnet.fi/pattaya1/escanmwav.htm
lataa tuosta
http://www.spywareinfo.dk/download/mwav.exe
päivitä tuosta
http://koti.mbnet.fi/pattaya1/lataus/Mwav.bat
laita täpit merkkauksien mukaan
http://koti.mbnet.fi/pattaya1/eScan6.jpg

scannaa

jos ala luukkuun tulee jotain niin kopioi se näin:
Käytä komentoa Ctrl+A.
Kopioi rivit komennolla Ctrl+C.
Liitä rivit komennolla Ctrl+V.

Laita virus log tänne.

kyllähän sieltä jotakin löytyi...


File C:\Documents and Settings\M i k a\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\M i k a\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

Lataa Deckard's System Scanner Työpöydällesi.

Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.

[*]Sulje kaikki avoimet ikkunat ja ohjelmat.
[*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
[*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
[*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
[*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.

Deckard's System Scanner v20070729.57
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3000+
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 2046.48 MiB / 1374.41 MiB
Pagefile Memory (total/avail): 2660.42 MiB / 2146.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1952.08 MiB

C: is Fixed (NTFS) - 11.72 GiB total, 0.91 GiB free.
D: is Fixed (FAT32) - 36.11 GiB total, 9.85 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 138.46 GiB total, 15.86 GiB free.
G: is CDROM (No Media)
I: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: F-Secure Internet Security 2006 6.12 v6.12 (F-Secure Corporation)
AV: F-Secure Internet Security 2006 6.12 v6.12 (F-Secure Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\sandra.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcSandraSrv.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcDataSrv.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe"="D:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe:*:Enabled:F-Secure 2006"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\BitComet\\BitComet.exe"="D:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\Program Files\\DC++\\DCPlusPlus.exe"="D:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\eXeem\\eXeem.exe"="D:\\Program Files\\eXeem\\eXeem.exe:*:Enabled:eXeem"
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\sandra.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcSandraSrv.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcDataSrv.exe"="D:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"D:\\Program Files\\ICQLite\\ICQLite.exe"="D:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\Pelit\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="D:\\Pelit\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\Downloads\\utorrent.exe"="F:\\Downloads\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\M i k a\\Desktop\\Ohjelmat\\utorrent.exe"="C:\\Documents and Settings\\M i k a\\Desktop\\Ohjelmat\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\uTorrent\\utorrent.exe"="D:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Pelit\\railroad\\RailRoads.exe"="D:\\Pelit\\railroad\\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"F:\\Pelit\\rld-civ4\\peli\\Civilization4.exe"="F:\\Pelit\\rld-civ4\\peli\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="D:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"D:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe"="D:\\Program Files\\F-Secure Internet Security\\backweb\\4476822\\Program\\fspex.exe:*:Enabled:F-Secure 2006"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\M i k a\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MIKA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\M i k a
include=D:\C++\visual basic 6.0\VC98\atl\include;D:\C++\visual basic 6.0\VC98\mfc\include;D:\C++\visual basic 6.0\VC98\include
lib=D:\C++\visual basic 6.0\VC98\mfc\lib;D:\C++\visual basic 6.0\VC98\lib
LOGONSERVER=\\MIKA
MSDevDir=D:\C++\common\MSDev98
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Borland Shared\Bde;C:\Program Files\ATI Technologies\ATI.ACE\;D:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Adobe\AGL;D:\C++\common\Tools\WinNT;D:\C++\common\MSDev98\Bin;D:\C++\common\Tools;D:\C++\visual basic 6.0\VC98\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=1f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MIKA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MIKA~1\LOCALS~1\Temp
USERDOMAIN=MIKA
USERNAME=M i k a
USERPROFILE=C:\Documents and Settings\M i k a
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

M i k a (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
--> "D:\Program Files\F-Secure Internet Security\fsuninst.exe" /UninstRegKey:"News Service"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec /X{27DC856A-0916-4988-8198-8714DDD3183D}
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "D:\Program Files\uTorrent\uninstall.exe"
ABIT uGuru --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF8500E6-EA0D-11D7-8755-0080C8F92A32}\Setup.exe" -l0x9
AC3Filter (remove only) --> D:\Program Files\AC3Filter\uninstall.exe
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Premiere Elements 3.0 --> msiexec /I {530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Premiere Elements 3.0 --> MsiExec.exe /I{530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Premiere Elements 3.0 Templates --> MsiExec.exe /I{6EACDDF4-4220-49A3-9204-984C86852C3D}
Adobe Reader 7.0.9 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70900000002}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Aerosoft's - Cape CanaveralX --> C:\Program Files\InstallShield Installation Information\{146DC042-4A22-4BC1-BBBD-16BC8E27E837}\Setup.exe -runfromtemp -l0x0009 -uninst -removeonly
Aerosoft's - Flight Tales I --> C:\Program Files\InstallShield Installation Information\{92B44BC9-B9A1-43F7-ABBC-A197A34A656E}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
AGEIA PhysX v7.05.17 --> MsiExec.exe /X{27DC856A-0916-4988-8198-8714DDD3183D}
AMD Athlon 64 Processor Driver --> MsiExec.exe /X{ABC62001-AD9F-46DB-8668-9946154D6A07}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{22C97984-6A68-4140-872E-B2F5123A7387}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AtomFTP 1.01 --> "D:\Program Files\AtomFTP\unins000.exe"
Audacity 1.2.6 --> "D:\Program Files\Audacity\unins000.exe"
AVIcodec (remove only) --> "C:\Program Files\AVIcodec\uninst.exe"
Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield 1942: Secret Weapons of WWII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\setup.exe" -l0x9
Battlefield 1942: The Road To Rome --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x9
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0xb -removeonly
BSPlayer --> "D:\Program Files\Webteh\BSplayer\uninstall.exe"
Bubble Bobble Nostalgie --> D:\Pelit\Bubble Bobble Nostalgie\uninstal.exe
BUFFALO Power Save Utility for HD --> C:\WINDOWS\UN040525.EXE /U
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
CD-DA X-Tractor v0.24 --> "D:\Program Files\CD-DA X-Tractor\unins000.exe"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CodeVisionAVR Evaluation V1.25.6 --> "d:\cvavreval\unins000.exe"
Colin McRae 2005 Polish language add-on --> C:\WINDOWS\iun6002.exe "C:\Program Files\Colin McRae 2005 Polish language add-on\irunin.ini"
Colin McRae Rally 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC67770B-581D-4E96-B72A-A7907CE18725}\setup.exe" -l0x9
Collab --> D:\Program Files\Image-Line\Collab\uninstall.exe
DC++ 0.674 --> "D:\Program Files\DC++\uninstall.exe"
devicom - PC·PRO --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{125466EC-8965-11D4-A771-00105A6811B6}\Setup.exe"
DH Driver Cleaner Professional Edition --> D:\Program Files\Driver Cleaner Pro\Uninstall.exe
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
DivX --> D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivXG400 --> "C:\WINDOWS\IPUI_DivXG400.exe" /U /D
Driver: Parallel Lines --> C:\Program Files\InstallShield Installation Information\{31CB0D80-1866-462A-9455-88614410971F}\setup.exe -runfromtemp -l0x0009 -removeonly
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
F-Secure Internet Security 2006 --> D:\PROGRA~1\F-SECU~1\Common\fsbwih.exe /uninstall
ffdshow [rev 756] [2007-01-09] --> "D:\Program Files\ffdshow\unins000.exe"
FL Studio 6 --> D:\Program Files\Image-Line\FL Studio 6\uninstall.exe
Free DWG Viewer 5.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}\setup.exe" -l0x9 -removeonly
FTP - Server for Topfield 1.16 --> "D:\Program Files\ftp4t\unins000.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Gliderman --> "C:\WINDOWS\system32\SpoonUninstall.exe" C:\WINDOWS\system32\SpoonUninstall-Gliderman.dat
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTR 2 1.0.0.0 --> "D:\Pelit\GTR2\Support\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICQ 5 --> D:\Program Files\ICQLite\ICQLiteUninstall.EXE
Ifi Tilausohjelma 3.5 --> D:\Program Files\Ifi\OrderClient35\Uninstall.exe
Image Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
ImageMixer for Sony --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
Indeo® software --> C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Intel\Indeo\Uninst.isu" -c"D:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinRip --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D32D4182-DE6C-457E-838C-8D7B9CE332BA}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0xb UNINSTALL -removeonly
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
Logitech Harmony Remote Client --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9233F6E2-952D-48C5-A0A2-FA6AEEFA8194} /l1033
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
MechWarrior 4 Mercenaries --> "C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\UNINSTAL.EXE" /runtemp /addremove
MediaLife --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{362BFFCD-8274-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Memeo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{78A39E62-605C-4E8E-9674-31E03BEC29B7}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft MSDN 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual Studio 6.0 Enterprise Edition --> "D:\C++\common\Setup\1033\Setup.exe"
Microsoft Works 2000 --> MsiExec.exe /I{FB1BC4E2-766F-11D3-AF55-00C04F443448}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Mobile Phone Suite Easy Synchronization --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC134D03-97F1-45B9-B32A-52E885AFA895}\setup.exe" -l0x9
MOV Converter 1.01 --> "D:\Program Files\Boilsoft MOV Converter\unins000.exe"
Mozilla Firefox (2.0.0.6) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Multisim 8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98E28570-B754-40B0-8B14-E242CB879EC5}\SETUP.exe" -l0x9 -removeonly
Namco Museum 50th Anniversary --> MsiExec.exe /X{2FCAB582-E6F9-45AF-988D-869015108473}
Native Instruments Traktor DJ Studio v3.0.2.098 --> D:\PROGRA~1\TRAKTOR\TRAKTO~1\UNWISE.EXE D:\PROGRA~1\TRAKTOR\TRAKTO~1\INSTALL.LOG
Nero 6 Ultra Edition --> D:\Program Files\NERO\nero\uninstall\UNNERO.exe /UNINSTALL
NetLimiter 1.30 (remove only) --> "D:\Program Files\NetLimiter\nluninst.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng_web.exe /LANG="2057"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
Nokia Software Updater --> MsiExec.exe /X{6048DBA0-30EF-4DED-8818-B5E4C7418A89}
Nvu 1.0 --> "D:\Program Files\Nvu\unins000.exe"
Paint.NET v3.0 --> MsiExec.exe /X{816A0870-6EC0-4DFF-B97C-E2CF820D7D6C}
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0 --> "D:\Program Files\PeerGuardian2\unins000.exe"
Picasa 2 --> "D:\Program Files\Picasa2\Uninstall.exe"
PowerISO --> "D:\Program Files\PowerISO\uninstall.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
PunkBuster for Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{127B684B-A002-44C8-99A7-6CF8F1E26873}\setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Room Arranger (remove only) --> "D:\Program Files\Room Arranger\uninstall.exe"
ScummVM 0.9.1 --> "D:\Program Files\ScummVM\unins000.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sid Meier's Railroads! --> C:\Program Files\InstallShield Installation Information\{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}\setup.exe -runfromtemp -l0x0009 -removeonly
SiSoftware Sandra Lite 2005 (Win64/32/CE) --> "D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\unins000.exe"
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sony Photo Manager --> MsiExec.exe /I{CBCF7AA4-9ADB-468A-AAF5-AE6B62DD9103}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SpeedFan (remove only) --> "D:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 2 RC2 --> "D:\Program Files\Teamspeak2_RC2\unins001.exe"
Test Drive Unlimited --> MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}
TG Editor --> F:\Pelit\TRANSP~1\peli\\UNWISE.EXE F:\Pelit\TRANSP~1\peli\\INSTALL.LOG
Time Adjuster v2.9 (STANDARD) --> D:\Program Files\Sub Adjust\TimeAdjuster\uninstall.exe
TrackMania United DVD Patch 2006-12-15 --> "D:\Pelit\Trackmania\TrackMania United\unins000.exe"
Transport Giant GOLD --> MsiExec.exe /I{A248972D-94ED-43EB-9BEF-284C9921FE2B}
VIA Integrated Setup Wizard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}
Winamp (remove only) --> "D:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WINXP SP2 TCP Fix --> C:\PROGRA~1\WINXPS~1\UNWISE.EXE C:\PROGRA~1\WINXPS~1\INSTALL.LOG
Virtual DJ - Atomix Productions --> D:\PROGRA~1\VIRTUA~1\UNWISE.EXE D:\PROGRA~1\VIRTUA~1\INSTALL.LOG
XML Paper Specification Shared Components Pack 1.0 -->
XviD MPEG-4 Video Codec --> "D:\Program Files\XviD\unins000.exe"


-- End of Deckard's System Scanner: finished at 2007-08-02 at 16:36:37 ---------








Deckard's System Scanner v20070729.57
Run by M i k a on 2007-08-02 at 16:32:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2007-08-02 13:32:39 UTC - RP842 - Deckard's System Scanner Restore Point
11: 2007-08-02 12:14:49 UTC - RP841 - System Checkpoint
10: 2007-08-01 11:48:21 UTC - RP840 - Software Distribution Service 3.0
9: 2007-07-31 13:22:53 UTC - RP839 - Software Distribution Service 3.0
8: 2007-07-31 12:48:00 UTC - RP838 - Removed Tom Clancy's Ghost Recon Advanced Warfighter® 2


-- First Restore Point --
1: 2007-07-26 08:00:05 UTC - RP831 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as M i k a.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:58, on 2.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\Tanagra\Memeo\MemeoService.exe
D:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
D:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
D:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
D:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
D:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
D:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
D:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
D:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Documents and Settings\M i k a\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\M i k a.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: F-Secure 2006.lnk = D:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Block this popup - D:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - D:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"C:\Program Files\Bonjour\mDNSResponder.exe" (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - -"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - D:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - -C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - -"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - -"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" (file missing)
O23 - Service: Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 10692 bytes

-- HijackThis Fixed Entries (D:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070731-151927-783 O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
backup-20070731-151927-178 O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
backup-20070731-151927-930 O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
backup-20070731-151927-752 O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
backup-20070731-151927-705 O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
backup-20070731-151928-735 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
backup-20070731-152010-579 O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
backup-20070731-152100-717 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
backup-20070731-152116-100 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sonera Internet
backup-20070801-091404-706 O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
backup-20070801-091404-748 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20070801-091404-528 O23 - Service: ServiceLayer - Unknown owner - -"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" (file missing)

-- File Associations -----------------------------------------------------------

.txt - TXT_File - DefaultIcon - unable to read value
.txt - TXT_File - shell\open\command - notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys
R0 giveio - c:\windows\system32\giveio.sys
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys
R0 uGuru - c:\windows\system32\drivers\uguru.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys
R2 F-Secure Filter (F-Secure File System Filter) - d:\program files\f-secure internet security\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - d:\program files\f-secure internet security\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - d:\program files\f-secure internet security\anti-virus\win2k\fsrec.sys
R2 IOPort - c:\windows\system32\drivers\ioport.sys
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys
R2 MASPINT - c:\windows\system32\drivers\maspint.sys
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
R3 vsbus (Virtual Serial Bus Enumerator) - c:\windows\system32\drivers\vsb.sys

S1 atitray - -\??\c:\program files\radeon omega drivers\v3.8.291\ati tray tools\atitray.sys (file missing)
S3 btaudio (Bluetooth-äänilaite) - c:\windows\system32\drivers\btaudio.sys (file missing)
S3 BTDriver (Bluetooth-näennäistietoliikenneohjain) - c:\windows\system32\drivers\btport.sys (file missing)
S3 btwhid - c:\windows\system32\drivers\btwhid.sys (file missing)
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
S3 cdrmkaun - c:\docume~1\mika~1\locals~1\temp\cdrmkaun.sys (file missing)
S3 DFUBTUSB (WIDCOMM USB Bluetooth Driver in DFU State) - c:\windows\system32\drivers\frmupgr.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys
S3 LHidUsbK (SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys
S3 Memctl - -\??\c:\program files\abit\abit uguru\memctl.sys (file missing)
S3 sdcplh - c:\windows\system32\drivers\sdcplh.sys
S3 TFBULK (Topfield USB client driver) - c:\windows\system32\drivers\tfbulk.sys Topfield Co., Ltd.; >
S3 Via4in1 - c:\docume~1\mika~1\locals~1\temp\pft3~tmp\via4in1.sys (file missing)
S3 Winflash - -\??\c:\program files\abit\abit uguru\winflash.sys (file missing)
S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:\windows\system32\drivers\vserial.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BackWeb Plug-in - 4476822 (F-Secure 2006) - d:\progra~1\f-secu~1\backweb\4476822\program\servic~1.exe
R2 BMUService (Memeo) - "c:\program files\tanagra\memeo\memeoservice.exe"
R2 fsbwsys - "d:\program files\f-secure internet security\backweb\4476822\program\fsbwsys.exe"
R2 F-Secure Gatekeeper Handler Starter (FSGKHS) - "d:\program files\f-secure internet security\anti-virus\fsgk32st.exe"
R2 FSMA - "d:\program files\f-secure internet security\common\fsma32.exe"
R2 Logitech Easy Synchronization - c:\program files\logitech\easy synchronization\servicestub.exe
R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "d:\program files\f-secure internet security\fwes\program\fsdfwd.exe"
R3 fshttps (F-Secure HTTP Server) - "d:\program files\f-secure internet security\fspc\fshttps\fshttps.exe"

S2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - -"c:\program files\bonjour\mdnsresponder.exe" (file missing)
S2 LBTServ (Logitech Bluetooth Service) - -c:\program files\common files\logitech\bluetooth\lbtserv.exe (file missing)
S2 MDM (Machine Debug Manager) - -"c:\program files\common files\microsoft shared\vs7debug\mdm.exe" (file missing)
S2 MSSQL$SQLEXPRESS (SQL Server (SQLEXPRESS)) - -"c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -ssqlexpress (file missing)
S3 FLEXnet Licensing Service - -"c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" (file missing)
S3 gusvc (Google Updater Service) - -"c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S3 ose (Office Source Engine) - -"c:\program files\common files\microsoft shared\source engine\ose.exe" (file missing)
S3 SQLWriter (SQL Server VSS Writer) - -"c:\program files\microsoft sql server\90\shared\sqlwriter.exe" (file missing)
S3 usnjsvc (Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu) - -"c:\program files\msn messenger\usnsvc.exe" (file missing)
S3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - -"c:\program files\windows media player\wmpnetwk.exe" (file missing)
S4 MSSQLServerADHelper (SQL Server Active Directory Helper) - -"c:\program files\microsoft sql server\90\shared\sqladhlp90.exe" (file missing)
S4 ServiceLayer - -"c:\program files\pc connectivity solution\servicelayer.exe" (file missing)
S4 SQLBrowser (SQL Server Browser) - -"c:\program files\microsoft sql server\90\shared\sqlbrowser.exe" (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-08-02 13:13:55 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-08-02 13:12:03 544 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job
2007-07-27 17:15:00 394 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2007-07-02 and 2007-08-02 -----------------------------

2007-08-01 20:10:02 0 dr-h----- C:\Documents and Settings\M i k a\Recent
2007-08-01 09:22:45 0 d-------- C:\Kaspersky
2007-07-08 19:33:58 0 d-------- C:\WINDOWS\system32\AGEIA
2007-07-08 19:33:58 0 d-------- C:\Program Files\AGEIA Technologies


-- Find3M Report ---------------------------------------------------------------

2007-08-01 10:43:29 0 d-------- C:\Documents and Settings\M i k a\Application Data\uTorrent
2007-07-31 15:48:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-09 11:37:01 0 d-------- C:\Documents and Settings\M i k a\Application Data\My Games
2007-07-08 19:33:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-05 19:37:29 0 d-------- C:\Program Files\Common Files\Logitech
2007-06-17 10:08:27 0 d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-06-07 15:05:26 1187840 --a------ C:\WINDOWS\system32\winsflt.dll
2007-06-06 13:42:03 0 d-------- C:\Documents and Settings\M i k a\Application Data\Lavasoft
2007-06-06 13:41:49 0 d-------- C:\Program Files\Windows Defender
2007-05-09 15:14:36 1011 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 10:56 C:\WINDOWS\system32\bthprops.cpl]
"Easy Synchronization"="C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [05.10.2005 12:00]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [10.05.2006 11:12]
"ABIT uGuru"="C:\Program Files\ABIT\ABIT uGuru\uGuru.exe" [13.09.2004 14:37]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [23.01.2007 15:44 C:\WINDOWS\KHALMNPR.Exe]
"F-Secure Manager"="D:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [26.10.2005 04:51]
"F-Secure TNB"="D:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" [18.07.2005 17:51]
"F-Secure Startup Wizard"="D:\Program Files\F-Secure Internet Security\FSGUI\FSSW.exe" [18.10.2005 11:29]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [23.01.2007 15:44 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 10:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19.01.2007 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Easy Synchronization"=C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
F-Secure 2006.lnk - D:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe [24.12.2006 22:36:34]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [9.4.2007 20:00:04]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [5.7.2007 19:37:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [05.10.2005 12:00 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 30.01.2007 02:15 65536 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Laajakaista.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\Autorun.exe




-- End of Deckard's System Scanner: finished at 2007-08-02 at 16:36:37 ---------

pätkiikö netti viel?

kyllä pätkii.

ip osoite, subnet address, default gateway muuttuu kaikki muotoon 0.0.0.0

Tämä siis välillä kerran pari päivässä , välillä taas vartin välein.

Kun pitäis olla 10.0.03 tai 255.255.255.0 jne... kun cmd:n kautta ipconfig/release ja ipconfig/renew tulee virhe ilmoitus mutta netti kuitenkin alkaa toimia.