Escan:in örkit

eli Escan löysi tollaset örkit. mitä pitäis tehdä?

File C:\PROGRA~1\FASTDO~2\fastdown.exe tagged as not-a-virusorn-Dialer.Win32.ALifeDialer. No Action Taken.
File C:\PROGRA~1\SURFAC~1\SAcc.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\PROGRA~1\FASTDO~2\fastdown.exe tagged as not-a-virusorn-Dialer.Win32.ALifeDialer. No Action Taken.
File C:\PROGRA~1\SURFAC~1\SAcc.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\WINDOWS\system32\mdhomres.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\TEIJA\Local Settings\Temp\gdg171\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\TEIJA\Local Settings\Temp\gdg1BB\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\TUOMAS\Local Settings\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\Cache\9C933101d01 tagged as not-a-virusownloader.Win32.WinFixer.b. No Action Taken.
File C:\Documents and Settings\TUOMAS\Local Settings\Temp\cxtpls_loader.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\TUOMAS\Local Settings\Temp\gdg160\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\TUOMAS\Local Settings\Temp\gdg3\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\TUOMAS\Local Settings\Temp\InstaFinderK_inst.exe tagged as not-a-virus:AdWare.Win32.404Search.h. No Action Taken.
File C:\Documents and Settings\TUOMAS\Local Settings\Temporary Internet Files\Content.IE5\0DYF85E7\WinFixerScannerInstall[1].exe tagged as not-a-virusownloader.Win32.WinFixer.b. No Action Taken.
File C:\Documents and Settings\TUOMAS\Local Settings\Temporary Internet Files\Content.IE5\8LIFKHIN\WinFixerScannerInstall[1].exe tagged as not-a-virusownloader.Win32.WinFixer.b. No Action Taken.
File C:\Documents and Settings\VEERA\Application Data\Mozilla\Firefox\Profiles\8dpoeuu8.default\Cache(4)\9C933101d01 tagged as not-a-virusownloader.Win32.WinFixer.b. No Action Taken.
File C:\Documents and Settings\VEERA\Local Settings\Temp\gdg1\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VEERA\Local Settings\Temp\gdg15C\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VEERA\Local Settings\Temp\gdg15E\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VEERA\Local Settings\Temp\gdg16F\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VEERA\Local Settings\Temp\gdg174\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VEERA\Local Settings\Temp\gdg17F\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VEERA\Local Settings\Temp\gdg18F\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VEERA\Local Settings\Temp\gdg1B7\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VEERA\Local Settings\Temp\gdg1BC\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VEERA\Local Settings\Temp\gdg1C0\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VEERA\Local Settings\Temp\gdg3\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VILLE\Local Settings\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\Cache\8674A487d01 tagged as not-a-virusownloader.Win32.WinFixer.b. No Action Taken.
File C:\Documents and Settings\VILLE\Local Settings\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\Cache\9C933101d01 tagged as not-a-virusownloader.Win32.WinFixer.b. No Action Taken.
File C:\Documents and Settings\VILLE\Local Settings\Temp\gdg14C\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VILLE\Local Settings\Temp\gdg165\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VILLE\Local Settings\Temp\gdg16B\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VILLE\Local Settings\Temp\gdg173\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VILLE\Local Settings\Temp\gdg177\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VILLE\Local Settings\Temp\gdg1D4\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\VILLE\Local Settings\Temp\gdgFA\index.htm infected by "Backdoor.Win32.DSSdoor.a" Virus. Action Taken: File Renamed.
File C:\Program Files\Adverts\uninst.exe tagged as not-a-virus:AdWare.Win32.Lop.ai. No Action Taken.
File C:\Program Files\fastdownload2\fastdown.exe tagged as not-a-virusorn-Dialer.Win32.ALifeDialer. No Action Taken.
File C:\Program Files\SurfAccuracy\SAcc.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\Program Files\SurfAccuracy\SAccU.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP330\A0125031.exe tagged as not-a-virus:AdWare.Win32.Lop. No Action Taken.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP379\A0162814.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP379\A0162815.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP379\A0162816.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP379\A0162817.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP379\A0162818.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP379\A0162819.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP379\A0162820.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP379\A0162821.sys infected by "Rootkit.Win32.Agent.ao" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP379\A0162823.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP379\A0162824.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP381\A0163805.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP381\A0163806.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP381\A0163807.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP381\A0163808.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP381\A0163809.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP381\A0163810.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP381\A0163811.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP381\A0163812.sys infected by "Rootkit.Win32.Agent.ao" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP381\A0163814.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP381\A0163815.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP382\A0165152.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP382\A0165153.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP382\A0165154.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP382\A0165155.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP382\A0165156.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP382\A0165157.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP382\A0165158.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP382\A0165159.sys infected by "Rootkit.Win32.Agent.ao" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP382\A0165161.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP382\A0165162.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP382\A0165566.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP382\A0165567.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167106.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167107.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167108.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167109.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167110.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167111.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167112.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167113.sys infected by "Rootkit.Win32.Agent.ao" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167115.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167116.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167517.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167518.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167707.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0167708.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0168062.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP383\A0168063.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0174756.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0174757.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0174758.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0174759.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0174760.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0174761.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0174762.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0174763.sys infected by "Rootkit.Win32.Agent.ao" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0174765.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0174766.exe tagged as not-a-virus:AdWare.Win32.SurfAccuracy.d. No Action Taken.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0175130.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0175131.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0175318.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0175319.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0175698.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0175699.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0175901.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0175902.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0176256.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0176257.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0176444.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0176445.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0176799.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP384\A0176800.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP386\A0187808.dll infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{640E0909-1885-43D1-9BC5-56FD25A5890A}\RP409\A0197913.exe infected by "Trojan.Win32.Crypt.t" Virus. Action Taken: File Deleted.


tos on viel hjt-loki


Logfile of HijackThis v1.99.1
Scan saved at 22:07:30, on 25.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\NetLimiter 2\nlsvc.exe
C:\NORMAN\Bin\Zanda.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\bin\NJEEVES.EXE
C:\NORMAN\Nvc\bin\nvcoas.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\fastdownload2\fastdown.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\NORMAN\bin\ZLH.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\NORMAN\Nvc\bin\cclaw.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [acocash] C:\Program Files\fastdownload2\fastdown.exe -auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\Core Center\CoreCenter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2\nlsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

 

Ohjauspaneeli -> lisää/poista sovellus
poista ->
-acocash
-SurfAccuracy
-ErrorGuard

Fixaa (do a system scan -> merkkaa ja paina fix cheked)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [acocash] C:\Program Files\fastdownload2\fastdown.exe -auto
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe



File C:\System Volume Information\_restore:n puhdistat seuraavalla tavalla
-> http://support.f-secure.fi/fin/home/virusproblem/howtoclean/cleansystemrestore.shtml
HUOM! Kaikki edelliset palautukset häviävät.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<Vikasietotila>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
(näpyttele f8 koneen käynnistyksen yhteydessä ja valitse vikasietotila)


Poista:
C:\Program Files\-->fastdownload2<--
C:\Program Files\-->SurfAccuracy<--
C:\Program Files\-->ErrorGuard<--

Puhdista kone vielä ewidolla ohjeiden mukaisesti

-> http://keskustelu.afterdawn.com/thread_view.cfm/269186

Näin alkuun...
Lähetä sitten ewidon raportti sekä Uusi hjt loki!

 

lisää/poista sovelluksesta ei löytynyt noita: acocash ja errorguard.
ja sit ton puhdistusta mä en oikeen ymmärtänyt: C:\System Volume Information\_restore:n

 

Sen järjestelmän palautuksen voit puhdistaa näin:

Oma tietokone(klikkaa oikealla) -> ominaisuudet -> järjestelmän palauttaminen -> valitse "ota järjestelmän palauttaminen pois käytöstä". Paina käytä ja käynnistä kone uudelleen. Sitten tee sama juttu uudestaan, mutta ota nyt rasti pois kohdasta "ota järjestelmän palauttaminen pois käytöstä". Huomaa, että tällöin häviävät kaikki aiemmat palautuspisteet!

 

tos on ewidon raportti

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 22:24:06, 26.12.2005
+ Report-Checksum: E731D8BC

+ Scan result:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Spyware.Altnet : Error during cleaning
:mozilla.11:C:\Documents and Settings\TEIJA\Application Data\Mozilla\Firefox\Profiles\435x86jl.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.12:C:\Documents and Settings\TEIJA\Application Data\Mozilla\Firefox\Profiles\435x86jl.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned without backup
:mozilla.13:C:\Documents and Settings\TEIJA\Application Data\Mozilla\Firefox\Profiles\435x86jl.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned without backup
:mozilla.24:C:\Documents and Settings\TEIJA\Application Data\Mozilla\Firefox\Profiles\435x86jl.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\Documents and Settings\TEIJA\Local Settings\Temp\gdg171\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\TEIJA\Local Settings\Temp\gdg1BB\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
:mozilla.18:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.19:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.20:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.21:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.22:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.23:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.24:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.27:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.38:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.39:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.40:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.41:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.42:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.43:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.44:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.45:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.50:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
:mozilla.51:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.57:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.58:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.62:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
:mozilla.70:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned without backup
:mozilla.71:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned without backup
:mozilla.72:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned without backup
:mozilla.73:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned without backup
:mozilla.80:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned without backup
:mozilla.81:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Com : Cleaned without backup
:mozilla.83:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Com : Cleaned without backup
:mozilla.85:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
:mozilla.86:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
:mozilla.92:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned without backup
:mozilla.93:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned without backup
:mozilla.100:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.101:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.102:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.103:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.104:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.107:C:\Documents and Settings\TUOMAS\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned without backup
C:\Documents and Settings\TUOMAS\Cookies\tuomas@ad.adocean[2].txt -> Spyware.Cookie.Adocean : Cleaned without backup
C:\Documents and Settings\TUOMAS\Cookies\tuomas@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\TUOMAS\Cookies\tuomas@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned without backup
C:\Documents and Settings\TUOMAS\Cookies\tuomas@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\TUOMAS\Cookies\tuomas@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
C:\Documents and Settings\TUOMAS\Cookies\tuomas@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned without backup
C:\Documents and Settings\TUOMAS\Cookies\tuomas@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned without backup
C:\Documents and Settings\TUOMAS\Local Settings\Application Data\Mozilla\Firefox\Profiles\0k5gb8it.default\Cache\9C933101d01 -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned without backup
C:\Documents and Settings\TUOMAS\Local Settings\Temp\gdg160\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\TUOMAS\Local Settings\Temp\gdg3\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\TUOMAS\Local Settings\Temp\p2psetup.exe -> Spyware.P2PNetworking : Cleaned without backup
C:\Documents and Settings\TUOMAS\Local Settings\Temp\uninstall.exe -> Adware.SurfAccuracy : Cleaned without backup
C:\Documents and Settings\TUOMAS\Local Settings\Temporary Internet Files\Content.IE5\0DYF85E7\WinFixerScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned without backup
C:\Documents and Settings\TUOMAS\Local Settings\Temporary Internet Files\Content.IE5\8LIFKHIN\WinFixerScannerInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned without backup
C:\Documents and Settings\TUOMAS\Local Settings\Temporary Internet Files\Content.IE5\OP2NO1QV\mm[2].js -> Spyware.Chitika : Cleaned without backup
C:\Documents and Settings\VEERA\Application Data\Mozilla\Firefox\Profiles\8dpoeuu8.default\Cache(4)\9C933101d01 -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned without backup
C:\Documents and Settings\VEERA\Local Settings\Temp\gdg1\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VEERA\Local Settings\Temp\gdg15C\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VEERA\Local Settings\Temp\gdg15E\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VEERA\Local Settings\Temp\gdg16F\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VEERA\Local Settings\Temp\gdg174\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VEERA\Local Settings\Temp\gdg17F\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VEERA\Local Settings\Temp\gdg18F\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VEERA\Local Settings\Temp\gdg1B7\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VEERA\Local Settings\Temp\gdg1BC\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VEERA\Local Settings\Temp\gdg1C0\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VEERA\Local Settings\Temp\gdg3\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
:mozilla.14:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.23:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned without backup
:mozilla.28:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned without backup
:mozilla.32:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.33:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.34:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.35:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.36:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.50:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned without backup
:mozilla.51:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned without backup
:mozilla.55:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned without backup
:mozilla.56:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned without backup
:mozilla.57:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned without backup
:mozilla.63:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned without backup
:mozilla.64:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned without backup
:mozilla.73:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
:mozilla.75:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.76:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.77:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.78:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.79:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.80:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.81:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned without backup
:mozilla.86:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
:mozilla.87:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
:mozilla.94:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
:mozilla.95:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
:mozilla.96:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
:mozilla.97:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
:mozilla.98:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
:mozilla.104:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.105:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
:mozilla.106:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned without backup
:mozilla.113:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
:mozilla.115:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
:mozilla.116:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
:mozilla.124:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned without backup
:mozilla.130:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
:mozilla.131:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
:mozilla.134:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
:mozilla.135:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
:mozilla.137:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned without backup
:mozilla.146:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned without backup
:mozilla.147:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned without backup
:mozilla.155:C:\Documents and Settings\VILLE\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\VILLE\Cookies\ville@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\VILLE\Cookies\ville@ehg-hollywood.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\VILLE\Cookies\ville@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\VILLE\Cookies\ville@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
C:\Documents and Settings\VILLE\Cookies\ville@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned without backup
C:\Documents and Settings\VILLE\Local Settings\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\Cache\8674A487d01 -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned without backup
C:\Documents and Settings\VILLE\Local Settings\Application Data\Mozilla\Firefox\Profiles\tqrzqne7.default\Cache\9C933101d01 -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned without backup
C:\Documents and Settings\VILLE\Local Settings\Temp\gdg14C\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VILLE\Local Settings\Temp\gdg165\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VILLE\Local Settings\Temp\gdg16B\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VILLE\Local Settings\Temp\gdg173\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VILLE\Local Settings\Temp\gdg177\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VILLE\Local Settings\Temp\gdg1D4\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup
C:\Documents and Settings\VILLE\Local Settings\Temp\gdgFA\index.htm.mwt -> Backdoor.DSSdoor.a : Cleaned without backup


::Report End

 

Pistähän nyt uusin hjt loki vielä niin katsotaan missä mennään.

 

Logfile of HijackThis v1.99.1
Scan saved at 13:04:20, on 27.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NetLimiter 2\nlsvc.exe
C:\NORMAN\Bin\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\NORMAN\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\bin\nvcoas.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\NORMAN\bin\ZLH.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\Program Files\WhatPulse\WhatPulse.exe
C:\NORMAN\Nvc\bin\cclaw.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\Core Center\CoreCenter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-haku - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2\nlsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\NORMAN\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

 

IE ilmaisesti tiuhaan käytössä...

Voisi sen puhdistaa vielä:
EasyCleaner -> http://personal.inet.fi/business/toniarts/files/EClea2_0.exe
putsaa rekisteri, turhat tiedostot, evästeet, sivuhistoria, mru ym.

Missä kunnossa kone on nyt sitten? onko vielä ongelmia?

 

kone on tällä hetkellä ihan täydellisesti jumissa. sairaan hidas
en ole vielä puhdistanut EasyCleanerin kanssa, koska setup ei aukea!

 

Oiskohan niin yksinkertaista, että koneesta on vääntö loppumassa?

Sulla on ihan tolkuttomasti noita käynnistyviä ohjelmia.

Turhia:
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime



Kolme messengeriä??
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background



Nämäkin voi mun mielestä ottaa pois käynnistyksestä. Olen poistanut ne omalta koneeltakin ja kaikki pelittää normaalisti ja paljon nopeammin.
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

 

poistaks mä noi ihan vaan deletellä

 

No et, vaan fixaat ko. rivit HjT:llä, kuten edellä.

 

juu tajusin vähän ajan miätinnän jälkeen. anteeksi tyhmyyteni ja kiitos paljon avusta.

 

Niin ja oletko eheyttänyt levyä muuten? Jos on pahasti sirpaleinen niin hidastaa se konetta. Lisäksi näyttäisi olevan paljon eri soittimia koneella oletko varma että tarvitset niitä kaikkia vai olisko parempi yksi monipuolinen soitin kuin monta turhaan tehoja ja muistiä syömässä?

Esim qicktime, itunes, realplayer ja tämän lisäksi uskoisin WMP ja winmp ainakin löytyvät että voishan noista karsia ja ottaa vaikka VLC player tilalle, itse tein juuri niin ja kone parani. Ellei sinulla nyt satu olemaan tuo ipod käytössä muuten itunes on melkoisen turha taustalla.

IE selain olis myös hyvä vaihtaa operaan tai Firefoxiin ja ihan turvallisuus syistä, nopeudesta ja käyttömukavuudesta pitkälti.
Tässä taas muutama vinkki koneen parantamiseen =)

Toki syy voi olla raudassa esim. muistikampa on saattanut elää parhaiden päivien ohi ja näin olla melko tyhjänpanttina siellä. Eli onkohan muisti testattu ja koneen lämmöt myös?