|
HJT - tarkastakaa! Kiitos!
|
|
|
EiQ
Suspended due to non-functional email address
|
25. lokakuuta 2007 @ 13:47 |
Linkki tähän viestiin
|
Eli tarkistakaa ja neuvokaa joku asian tunteva, kiitos jo etukäteen!
Käytin kahta eri hjt - versiota (beta ja viimeinen vakaa versio),
mutta kumpaa kannattaa jatkossa käyttää?
BETA:lla otettu logi
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:08:11, on 25.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\Einari\Työpöytä\HiJackThis_v2.0.0.0.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sonic.com/links.asp?prod=9&SN...dia%20Plus%20v7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VIPv3_Auto_Update] C:\WINDOWS\VIPv3\CheckForUpdates.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 15908 bytes
Vakaalla versiolla otettu logi
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:17, on 25.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sonic.com/links.asp?prod=9&SN...dia%20Plus%20v7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VIPv3_Auto_Update] C:\WINDOWS\VIPv3\CheckForUpdates.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 14406 bytes
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 25. lokakuuta 2007 @ 18:50
|
|
EiQ
Suspended due to non-functional email address
|
25. lokakuuta 2007 @ 18:02 |
Linkki tähän viestiin
|
|
Voisko joku kattoo ton?
Kun kone on ärsyttävän hidas, vaikka ei pitäisi...!
|
|
EiQ
Suspended due to non-functional email address
|
25. lokakuuta 2007 @ 23:06 |
Linkki tähän viestiin
|
|
hei pliis kattokaa tääki :'(
|
|
Hujo
Suspended permanently
|
26. lokakuuta 2007 @ 03:06 |
Linkki tähän viestiin
|
Niin f-secure käytössä ja nortonin rippeitä koneella
aja tuosta
Nortonin poisto työkalu
===================
Lataa Atribunen ATF Cleaner
Ohjeet;
Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasiKlikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)
====================
Javan päivitys ja välimuistin tyhjennys:
1. Klikkaa Käynnistä -> Ohjauspaneeli ja tupla-klikkaa Lisää tai poista sovellus Ohjauspaneelissa.
2. Etsi listasta kaikki entiset Java versiosi. (J2SE Runtime Environment.... )
Niissä pitäisi olla seuraava kuva vieressä: 
3. Valitse kaikki entiset Java versiosi ja valitse Poista.
4. Asenna uusin Java päivitys seuraavasta linkistä..
5. Käynnistä kone uudelleen asennuksen jälkeen:
http://java.sun.com/javase/downloads/index.jsp
Rullaa alas kohteeseen Java Runtime Environment (JRE) 6u2
Paina Download
Ruksaa Accept, ota offline installation, tallenna vaikka työpöydälle ja asenna se.
6. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja avaa Java asetuksesi (Muita Ohjauspaneelin asetuksia -> Java kahvikuppi).
7. General Settings -osion alla, vedä liukusäädintä (Disk Space) pienemmälle, ja klikkaa Delete Files -nappia.
(Jotkut javapohjaiset ohjelmat saattavat tarvita enemmän levytilaa.
Jos huomaat säädön pienentämisen jälkeen koneessa hitautta, siirrä liukusäädintä isommalle).
8. Varmista että kaikki kaksi valintaa ovat rastitettuja:
*Applications and Applets
*Trace and Log Files
Ja paina OK -nappia
9. Klikkaa OK "Temporary Files Settings" -ikkunassasi.
10. Klikkaa OK jättääksesi Java asetusikkunasi.
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 26. lokakuuta 2007 @ 03:08
|
|
EiQ
Suspended due to non-functional email address
|
26. lokakuuta 2007 @ 09:29 |
Linkki tähän viestiin
|
Kiitos ohjeista Hujo!
Tein näitten mukaan ja kone toimii taas hyvin, tosin olen saanut pari
erroria näytölle kun avaan koneen (siis jokakerta kun avaan koneen nämä 3 error - ilmoitusta tulee näytölle)
Järjestys:
1. - 
2. - 
3. - 
Myös jotkut sivut netissä (kuten AfterDawn.com :in keskustelupalsta) eivät toimi kunnolla.
Esimerkki tästä topicista : http://img152.imageshack.us/my.php?image=outoa1cz9.jpg
Meniköhän jokin mönkään?
Uusi logi:
Vakaalla versiolla otettu logi:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:20, on 26.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\FSAUA\program\fsus.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sonic.com/links.asp?prod=9&SN...dia%20Plus%20v7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VIPv3_Auto_Update] C:\WINDOWS\VIPv3\CheckForUpdates.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 13807 bytes
BETA:lla otettu logi:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:35:54, on 26.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\FSAUA\program\fsus.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Einari\Työpöytä\HiJackThis_v2.0.0.0.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sonic.com/links.asp?prod=9&SN...dia%20Plus%20v7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VIPv3_Auto_Update] C:\WINDOWS\VIPv3\CheckForUpdates.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Etätyöpöydän ohjeen istunnonhallinta (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 15309 bytes
Jatkossa kumpi versio käyttöön?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 26. lokakuuta 2007 @ 09:37
|
|
Hujo
Suspended permanently
|
26. lokakuuta 2007 @ 15:52 |
Linkki tähän viestiin
|
klikkaas näytä > sivun tyylit > oletus tyyli
======================
Tämä versio käyttöön
Trend Micro HijackThis v2.0.2
===================
Voiko tietsikka koskaan toimia?
|
|
EiQ
Suspended due to non-functional email address
|
26. lokakuuta 2007 @ 16:25 |
Linkki tähän viestiin
|
Kiitoksia! Toimii taas!
Mutta nämä käynnistettäessä tulevat errorit vaivaavat vieläkin, jotakin tehtävissä?
Lainaus:
Kiitos ohjeista Hujo!
Tein näitten mukaan ja kone toimii taas hyvin, tosin olen saanut pari
erroria näytölle kun avaan koneen (siis jokakerta kun avaan koneen nämä 3 error - ilmoitusta tulee näytölle)
Järjestys:
1. -
2. -
3. -
|
|
EiQ
Suspended due to non-functional email address
|
26. lokakuuta 2007 @ 22:57 |
Linkki tähän viestiin
|
|
Helppiä tän cmd errorin kanssa pliis!
|
|
Hujo
Suspended permanently
|
27. lokakuuta 2007 @ 11:09 |
Linkki tähän viestiin
|
ajas tuosta
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.
Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi:
" Käynnistä tietokone
" Kun kuulet koneen piippaavan, paina F8, kuitenkin ennen Windowsin logon esiintuloa
" Seuraavaksi pitäisi ilmestyä valikko
" Valitse valikosta vikasietotila.
" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
=================
Latasitko tuon nortonin poistotyökalun ja ajoit sen?
Voiko tietsikka koskaan toimia?
|
|
EiQ
Suspended due to non-functional email address
|
27. lokakuuta 2007 @ 11:10 |
Linkki tähän viestiin
|
|
Koitan noita. Norton on poistettu.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 27. lokakuuta 2007 @ 11:20
|
|
Hujo
Suspended permanently
|
27. lokakuuta 2007 @ 11:23 |
Linkki tähän viestiin
|
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 27. lokakuuta 2007 @ 12:24
|
|
EiQ
Suspended due to non-functional email address
|
27. lokakuuta 2007 @ 12:26 |
Linkki tähän viestiin
|
Tässä nämä aiemmin pyytämäsi logit:
===================================
SDFix loki
===================================
SDFix: Version 1.112
Run by Einari on la 27.10.2007 at 11:45
Microsoft Windows XP [versio 5.1.2600]
Running From: C:\DOCUME~1\Einari\TYPYT~1\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\LieroX_v0.56_Pack_1.9\\LieroX v0.56 Pack 1.9\\LieroX.exe"="C:\\Program Files\\LieroX_v0.56_Pack_1.9\\LieroX v0.56 Pack 1.9\\LieroX.exe:*:Disabled:LieroX"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Disabled:btdownloadgui"
"C:\\Program Files\\Freeciv-gtk2-2.0.7\\civserver.exe"="C:\\Program Files\\Freeciv-gtk2-2.0.7\\civserver.exe:*:Disabled:civserver"
"C:\\Program Files\\dark-oberon\\doberon.exe"="C:\\Program Files\\dark-oberon\\doberon.exe:*:Disabled:doberon"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Disabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Disabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Disabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Disabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Disabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Disabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Disabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Disabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Disabled:hpzwiz01.exe"
"C:\\Documents and Settings\\Einari\\Ty?p?yt?\\LieroX_v0.56_Pack_1.9\\LieroX v0.56 Pack 1.9\\LieroX.exe"="C:\\Documents and Settings\\Einari\\Ty?p?yt?\\LieroX_v0.56_Pack_1.9\\LieroX v0.56 Pack 1.9\\LieroX.exe:*:Disabled:LieroX"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XI.SP1a\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Einari\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Documents and Settings\\Einari\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Documents and Settings\\Einari\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"="C:\\Documents and Settings\\Einari\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\\Documents and Settings\\Einari\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="C:\\Documents and Settings\\Einari\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
Files with Hidden Attributes:
Mon 7 Aug 2006 213 A.SHR --- "C:\BOOT.BAK"
Wed 8 Nov 2006 0 A.SH. --- "C:\Skanneri\SIV79.tmp"
Mon 2 Oct 2006 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Sun 21 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 18 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 21 Jan 2007 4,348 ...H. --- "C:\Documents and Settings\Einari\Omat tiedostot\Omat musiikkitiedostot\K?ytt?oikeuden varmuuskopio\drmv1key.bak"
Tue 23 Jan 2007 20 A..H. --- "C:\Documents and Settings\Einari\Omat tiedostot\Omat musiikkitiedostot\K?ytt?oikeuden varmuuskopio\drmv1lic.bak"
Tue 23 Jan 2007 400 A.SH. --- "C:\Documents and Settings\Einari\Omat tiedostot\Omat musiikkitiedostot\K?ytt?oikeuden varmuuskopio\drmv2key.bak"
Finished!
===================================
ja uusi hjt logi
===================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:07, on 27.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sonic.com/links.asp?prod=9&SN...dia%20Plus%20v7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [VIPv3_Auto_Update] C:\WINDOWS\VIPv3\CheckForUpdates.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XI.SP1a\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 13801 bytes
===================================
scannaan kohta ja lähetän tulokset heti kun valmis
|
|
EiQ
Suspended due to non-functional email address
|
27. lokakuuta 2007 @ 12:44 |
Linkki tähän viestiin
|
|
Skannaan konetta eScanilla juuri nyt...
Värit on kyllä 32-bit.
Kestääkö skannaus kauan?
|
|
Hujo
Suspended permanently
|
27. lokakuuta 2007 @ 12:51 |
Linkki tähän viestiin
|
Se rippuu sintä kuinka paljon on roinaa koneella
Kahesta tunnista eteen päin
sulla on koneella tuo firefox niin viskoisin nuo muut hakukoneet pois koneelta lisää poista sovelutuksesta.
Yahoo! ja kansio pois vikasiedossa
C:\Program Files\Yahoo!
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 27. lokakuuta 2007 @ 12:52
|
|
EiQ
Suspended due to non-functional email address
|
27. lokakuuta 2007 @ 14:48 |
Linkki tähän viestiin
|
Lainaus, alkuperäisen viestin kirjoitti Hujo:
Se rippuu sintä kuinka paljon on roinaa koneella
Kahesta tunnista eteen päin
sulla on koneella tuo firefox niin viskoisin nuo muut hakukoneet pois koneelta lisää poista sovelutuksesta.
Yahoo! ja kansio pois vikasiedossa
C:\Program Files\Yahoo!
Okei, skannaa vieläkin...
Kertoisitko tarkemmin tuosta cmd:stä? Tärkeää vai ei?
Ja miksi tuo errori tulee?
Ja sitten vielä, että pitääkö minun poistaa vain Yahoo! vai onko muitakin hakukoneita?
|
|
Hujo
Suspended permanently
|
27. lokakuuta 2007 @ 15:07 |
Linkki tähän viestiin
|
|
Yahoo! tuo nyt ainakin
onhan sulla siellä muitakin työkalupalkeja mutta päätä mitä niille teet pidätkö ne vai poistatko.
katellan tuota sitten myöhemmin
C:\WINDOWS\system32\cmd.exe
Voiko tietsikka koskaan toimia?
|
|
EiQ
Suspended due to non-functional email address
|
27. lokakuuta 2007 @ 16:49 |
Linkki tähän viestiin
|
Tässä skannauksen tulos:
File C:\WINDOWS\6-fcd1eba2a03d5087926f018c645030f1.exe tagged as not-a-virus:AdWare.Win32.Beginto.f. No Action Taken.
File C:\WINDOWS\system32\stapeyet.exe tagged as not-a-virus:AdWare.Win32.180Solutions.ay. No Action Taken.
File C:\Program Files\DVD Decrypter\DVDDecrypter.exe infected by "Trojan.Win32.Delf.akh" Virus. Action Taken: File Deleted.
File C:\Program Files\PFG\PFG.006 tagged as not-a-virus:Monitor.Win32.Ardamax.o. No Action Taken.
File C:\Program Files\PFG\PFG.007 tagged as not-a-virus:Monitor.Win32.Ardamax.o. No Action Taken.
File C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP390\A0090920.exe tagged as not-a-virus:AdWare.Win32.OneStep.c. No Action Taken.
File C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP412\A0098405.exe tagged as not-a-virus:AdWare.Win32.OneStep.c. No Action Taken.
File C:\System Volume Information\_restore{7BD41464-2CC7-4899-A278-DFE2F6B620D8}\RP415\A0098843.exe infected by "Trojan.Win32.Delf.akh" Virus. Action Taken: File Deleted.
File C:\WINDOWS\6-fcd1eba2a03d5087926f018c645030f1.exe tagged as not-a-virus:AdWare.Win32.Beginto.f. No Action Taken.
File C:\WINDOWS\system32\stapeyet.exe tagged as not-a-virus:AdWare.Win32.180Solutions.ay. No Action Taken.
Menen poistamaan tuon Yahoo!:n kohta...
Eikä tuota eScanin lokia kai tarvitse postittaa?
EDIT: Kuva valmiista skannauksesta:
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 27. lokakuuta 2007 @ 17:02
|
|
EiQ
Suspended due to non-functional email address
|
27. lokakuuta 2007 @ 18:06 |
Linkki tähän viestiin
|
|
Olen poistanut nyt tuon Yahoo!:n ja odottelen hjelppiä... :D
|
|
EiQ
Suspended due to non-functional email address
|
28. lokakuuta 2007 @ 10:59 |
Linkki tähän viestiin
|
|
Mitäs seuraavaksi??
|
|
EiQ
Suspended due to non-functional email address
|
29. lokakuuta 2007 @ 13:39 |
Linkki tähän viestiin
|
|
Ootko tarkastanu ton login?
|
|
Hujo
Suspended permanently
|
29. lokakuuta 2007 @ 13:43 |
Linkki tähän viestiin
|
1.Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix1
combofix2
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Voiko tietsikka koskaan toimia?
|
|
EiQ
Suspended due to non-functional email address
|
29. lokakuuta 2007 @ 22:24 |
Linkki tähän viestiin
|
Combofix loki:
===========================
ComboFix 07-10-29.1** - Einari 2007-10-29 21:49:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.100 [GMT 2:00]Running from: C:\Documents and Settings\Einari\Työpöytä\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\HbTools.log
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\1387210.sdf
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\hstat\350a.dat
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\1000048494
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\26340
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27414
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\29115
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\30438
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\32634
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44228
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44878
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\526389
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\57977
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68942
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\727852
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\78600
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\92912
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\93899
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\350a.dat
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\ads.cdf
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\btntrans.idx
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\btntrans1.dat
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\business_promo.htm
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\buttondir.txt
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\components.cdf
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\default.cdf
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz1.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz10.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz11.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz12.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz13.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz14.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz15.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz16.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz17.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz18.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz19.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz2.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz20.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz3.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz4.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz5.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz6.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz7.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz8.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz9.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemster.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsterie.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\sales_buttons.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools_Icons
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools_Icons\games2.ico
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools_Icons\Jamster2.ico
C:\Documents and Settings\Compaq_Omistaja\Application Data\HbTools_Icons\wallpapere1.ico
C:\Documents and Settings\Einari\Application Data\1622527509.exe
C:\Documents and Settings\Einari\Application Data\c3x6p85.exe
C:\Documents and Settings\Einari\Application Data\cy8zehb.exe
C:\Documents and Settings\Einari\Application Data\ifkv0rr.exe
C:\Documents and Settings\Einari\Application Data\inst.exe
C:\Program Files\Common Files\{29EF5~1
C:\Program Files\Common Files\uninstall information
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_COM+_MESSAGES
-------\nm
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-09-28 to 2007-10-29 )))))))))))))))))
.
2007-10-29 21:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 19:13 <KANSIO> d-------- C:\Program Files\Samurize
2007-10-27 10:34 <KANSIO> d-------- C:\WINDOWS\ERUNT
2007-10-26 06:47 <KANSIO> d-------- C:\Program Files\Sun
2007-10-26 06:42 <KANSIO> d-------- C:\Program Files\Java
2007-10-26 06:41 <KANSIO> d-------- C:\Program Files\Common Files\Java
2007-10-25 21:34 <KANSIO> d-------- C:\Program Files\themexp
2007-10-25 16:41 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-10-25 13:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-25 10:35 <KANSIO> d-------- C:\escheck
2007-10-25 10:17 <KANSIO> d-------- C:\Downloads
2007-10-25 10:17 <KANSIO> d-------- C:\Bases
2007-10-25 10:15 <KANSIO> d-------- C:\Kaspersky
2007-10-25 08:37 2,145,792 --a------ C:\WINDOWS\system32\netshell.dll
2007-10-21 17:13 <KANSIO> d-------- C:\Program Files\Absolute GIF Optimizer
2007-10-06 21:48 <KANSIO> d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\ATI
2007-10-05 14:16 <KANSIO> d-------- C:\Documents and Settings\Einari\Application Data\ATI
2007-10-05 14:16 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-10-05 14:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-10-05 14:01 <KANSIO> d-------- C:\ATI
2007-10-02 13:24 <KANSIO> d-------- C:\Documents and Settings\Einari\Parts
2007-10-01 20:16 <KANSIO> d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\Axialis
2007-10-01 18:17 138 --a------ C:\WINDOWS\system32\VIPuninstall.bat
2007-10-01 18:11 7,176,124 --a------ C:\WINDOWS\system32\VIPv3_EXT.dll
2007-10-01 18:10 <KANSIO> d-------- C:\WINDOWS\VIPv3
2007-10-01 12:31 720,896 --a------ C:\WINDOWS\iun6002.exe
2007-09-30 17:49 <KANSIO> d-------- C:\Program Files\Axialis
2007-09-30 17:49 <KANSIO> d-------- C:\Documents and Settings\Einari\Application Data\Axialis
2007-09-30 09:54 <KANSIO> d-------- C:\Program Files\Common Files\Stardock
2007-09-29 19:20 <KANSIO> d-------- C:\Documents and Settings\Compaq_Omistaja\Application Data\Nero
2007-09-29 18:09 <KANSIO> d-------- C:\Program Files\Torpedo Software
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 06:02 --------- d-----w C:\Program Files\Steam
2007-10-27 10:50 --------- d-----w C:\Program Files\DVD Decrypter
2007-10-27 04:09 --------- d-----w C:\Documents and Settings\Einari\Application Data\Azureus
2007-10-26 05:20 --------- d-----w C:\Documents and Settings\Einari\Application Data\LimeWire
2007-10-25 07:40 --------- d-----w C:\Program Files\iColorFolder
2007-10-22 06:03 --------- d-----w C:\Program Files\Azureus3
2007-10-13 05:46 --------- d-----w C:\Program Files\Google
2007-10-10 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-07 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-07 11:07 --------- d-----w C:\Program Files\Easy CD-DA Extractor 10
2007-10-05 12:11 --------- d-----w C:\Program Files\ATI Technologies
2007-10-05 12:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-26 11:17 --------- d-----w C:\Documents and Settings\Einari\Application Data\InstallShield
2007-09-26 11:01 --------- d-----w C:\Documents and Settings\Einari\Application Data\Nero
2007-09-26 10:56 --------- d-----w C:\Program Files\Common Files\Nero
2007-09-26 10:51 --------- d-----w C:\Program Files\Nero
2007-09-26 10:51 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-26 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-09-23 06:28 --------- d-----w C:\Program Files\Last.fm
2007-09-19 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2007-08-10 13:09 47,360 ----a-w C:\Documents and Settings\Einari\Application Data\pcouffin.sys
2007-08-04 07:40 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-08-03 09:52 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-04-21 14:37 417,792 ----a-w C:\Documents and Settings\Einari\GL4JavbJauGljJNI14.dll
2007-04-08 16:41 106 --sha-w C:\Program Files\desktop.ini
2007-03-24 07:29 376 ----a-w C:\Documents and Settings\Einari\Application Data\wklnhst.dat
2007-03-09 06:59 379 ----a-w C:\Documents and Settings\Einari\Application Data\internaldb1942.dat
2007-03-08 11:14 20,480 ----a-w C:\Documents and Settings\Einari\Application Data\internaldb4827.dat
2007-03-08 11:14 151 ----a-w C:\Documents and Settings\Einari\Application Data\internaldb4782.dat
2007-03-08 11:14 0 ----a-w C:\Documents and Settings\Einari\Application Data\internaldb2391.dat
2007-02-16 17:05 397,312 ----a-w C:\Documents and Settings\Einari\jogl.dll
2007-01-24 12:57 0 ----a-w C:\Documents and Settings\Einari\Application Data\internaldb5436.dat
2007-01-24 12:57 0 ----a-w C:\Documents and Settings\Einari\Application Data\internaldb4604.dat
2007-01-24 12:57 0 ----a-w C:\Documents and Settings\Einari\Application Data\internaldb3902.dat
2007-01-24 12:57 0 ----a-w C:\Documents and Settings\Einari\Application Data\internaldb153.dat
2006-02-19 01:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-10-02 17:54:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2007-03-06 12:10]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-03-06 12:10]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-24 12:49]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 08:25]
"VIPv3_Auto_Update"="C:\WINDOWS\VIPv3\CheckForUpdates.exe" [2006-09-08 14:54]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 23:00]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-06-29 11:49]
C:\Documents and Settings\Compaq_Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 20:21:53]
C:\Documents and Settings\Compaq_Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 20:21:53]
C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko\Ohjelmat\Käynnistys\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 20:21:53]
C:\Documents and Settings\Einari\Käynnistä-valikko\Ohjelmat\Käynnistys\
Client Default.lnk - C:\Program Files\Samurize\Client.exe [2007-04-07 22:02:08]
Client FinTV.lnk - C:\Program Files\Samurize\Client.exe [2007-04-07 22:02:08]
OneNote 2007 -näyttöleikkeet ja Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 20:21:53]
C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-26 19:20:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command - J:\Autoplay.exe -auto
.
'Ajoitetut tehtävät'-kansion sisältö
"2007-10-29 11:29:40 C:\WINDOWS\Tasks\Scheduled scanning task.job"
"2007-10-29 20:00:47 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 22:14:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-29 22:18:28 - machine was rebooted
.
--- E O F ---
=========================
Mitäs nytten?
|
|
EiQ
Suspended due to non-functional email address
|
30. lokakuuta 2007 @ 22:03 |
Linkki tähän viestiin
|
|
Mitäs seuraavaksi?
|
|
EiQ
Suspended due to non-functional email address
|
2. marraskuuta 2007 @ 21:36 |
Linkki tähän viestiin
|
|
Onkos lokissa pöpöjä?
|
|
Mainos
|
|
|
|
EiQ
Suspended due to non-functional email address
|
7. marraskuuta 2007 @ 14:25 |
Linkki tähän viestiin
|
|
Voisko joku kattoo lokit?
Ja aiemmin mainittu cmd errori vaivaa...
|
