SpywareGuard pop-up and stuttering, could someone check my HJT log?

Thread in the Viruses and malware - HijackThis logs section. Thread started by mattson on 13.05.2007.

  1. mattson

    mattson Member

    So, the computer keeps crashing in some games, especially Call of Duty 2. Drivers and temperatures are fine, PunkBuster is updated and the machine should be more than powerful enough. The other, more annoying problem, which is really why I wrote here, is SpywareGuard's constant alert (taken from SpywareGuard's "Report"):

    NEW BHO DETECTION ALERT
    On 14:14:22 05.13.2007 a new BHO installation attempt was detected.
    BHO: {4CC47A80-A538-486D-B715-F3A45D50E46D}
    ProgramID: n/a
    File Location: C:\WINDOWS\system32\awtsp.dll
    User Action Taken: REMOVE BHO

    That awtsp.dll shows up in the HijackThis log ( O2 - BHO: (no name) - {4CC47A80-A538-486D-B715-F3A45D50E46D} - C:\WINDOWS\system32\awtsp.dll and O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll ) and I have tried to fix it with HijackThis, but the entries always reappear / are not removed. I have also scanned the awtsp.dll file with NOD32 and eScan (version 4.4.7) without either of them finding anything wrong with it.

    If someone could be bothered to check where the problem might be and point me in the right direction, I would be very grateful.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 14:10:23, on 13.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Q3E Minimizer v1.50\Q3E Minimizer_v1.50.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Documents and Settings\cinaM\Työpöytä\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {4CC47A80-A538-486D-B715-F3A45D50E46D} - C:\WINDOWS\system32\awtsp.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [Q3E Minimizer v1.50] C:\Program Files\Q3E Minimizer v1.50\Q3E Minimizer_v1.50.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173106270171
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - (no file)
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 4351 bytes
     
  3. tomato71

    tomato71 Regular member

    Hi!

    Download VundoFix.exe to your desktop.
    *Double-click VundoFix.exe to run it.
    *Click the Scan for Vundo button.
    *When the scan is complete, click the Remove Vundo button.
    *You will be asked whether you want to delete the files - click YES.
    *Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    *When it is done, the fix will tell you that it will restart your computer; click OK.
    *Post the contents of the C:\vundofix.txt log and of a fresh HijackThis log.


    Note: It is possible that VundoFix found a file that it could not remove.
    In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears during the restart.

    Post a new HJT log and the VundoFix log
     
  4. mattson

    mattson Member

    Hi, and thanks for your quick reply.

    SpywareGuard no longer shows that warning message.

    Here is the VundoFix.txt log

    VundoFix V6.3.21

    Checking Java version...

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 15:44:00 13.5.2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtsp.dll
    C:\WINDOWS\system32\pstwa.ini
    C:\WINDOWS\system32\vtuurqq.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtsp.dll
    C:\WINDOWS\system32\awtsp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pstwa.ini
    C:\WINDOWS\system32\pstwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtuurqq.dll
    C:\WINDOWS\system32\vtuurqq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    And here is the new HijackThis log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:37:24, on 13.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Q3E Minimizer v1.50\Q3E Minimizer_v1.50.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\cinaM\Työpöytä\HiJackThis_v2.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [Q3E Minimizer v1.50] C:\Program Files\Q3E Minimizer v1.50\Q3E Minimizer_v1.50.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173106270171
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - (no file)
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 4100 bytes
     
    Last edited: 13.05.2007
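
Added example (not part of the original thread): a short Python triage script run over verbatim excerpts of the two HijackThis logs posted above. It flags files registered at more than one load point (here O2 BHO and O20 Winlogon Notify, as awtsp.dll was) and lists the entries that disappeared after the VundoFix run; the function names are made up for this example.

```python
import re
from collections import defaultdict

# Excerpts from the two HijackThis logs posted in this thread
# (before and after the VundoFix run); lines are copied verbatim.
LOG_BEFORE = r"""
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {4CC47A80-A538-486D-B715-F3A45D50E46D} - C:\WINDOWS\system32\awtsp.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173106270171
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

LOG_AFTER = r"""
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173106270171
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# "O2 - ...", "R1 - ...", "O20 - ...": section code, separator, free-form body.
ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d{1,2}) - (?P<body>.+)$")
# First Windows path in the body that ends in a loadable file type.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:dll|exe|sys)\b', re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, body, lower-cased path or None) for each entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue  # header, running-process list, blank line
        body = m.group("body")
        path = PATH_RE.search(body)
        entries.append(
            (m.group("section"), body, path.group(0).lower() if path else None)
        )
    return entries


def multi_loadpoint_files(entries, sections=("O2", "O20")):
    """Files referenced from more than one of the given sections.

    A DLL that is both a browser helper object (O2) and a Winlogon
    notification package (O20) is loaded by the browser and by
    winlogon.exe, so it is worth a closer look. This is a triage
    heuristic, not a verdict.
    """
    seen = defaultdict(set)
    for section, _body, path in entries:
        if path and section in sections:
            seen[path].add(section)
    return {p: sorted(s) for p, s in seen.items() if len(s) > 1}


def removed_entries(before, after):
    """Entries present in the first log and absent from the second."""
    remaining = {(s, b) for s, b, _ in after}
    return [(s, b) for s, b, _ in before if (s, b) not in remaining]


if __name__ == "__main__":
    before = parse_entries(LOG_BEFORE)
    after = parse_entries(LOG_AFTER)
    for path, sections in multi_loadpoint_files(before).items():
        print("registered in", ", ".join(sections), "->", path)
    for section, body in removed_entries(before, after):
        print("gone after cleanup:", section, "-", body)
```
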
  5. tomato71

    tomato71 Regular member

    Good to hear...

    One more thing, so that no Vundo that VundoFix does not recognise is left on the machine....

    Check your computer with F-Secure's online scanner

    Note: the scanner only works with the Internet Explorer browser

    * Read the instructions on the page carefully
    * Click Start scanning
    * If you get an Internet Explorer security warning, click Install
    * Click Accept
    * Click Custom Scan
    * Adjust the settings as follows

    o Under "Virus Scan Option", select Scan whole system
    o Under "Other Scan Option", select Scan All Files
    o Select Scan whole system for rootkits
    o Select Scan whole system for spyware
    o Tick Scan inside archives
    o Make sure that Use advanced heuristics is selected

    * Click Start
    * The scan starts once the required files/updates have been downloaded
    * Wait patiently
    * When the scan has finished, click Automatic cleaning
    * Click Show Report
    * The report opens in the browser; copy the whole text
    * Paste the copied text into e.g. Notepad or Word and save it to the desktop
    * You can close the scanner
    * Post the report to your thread
     
  6. mattson

    mattson Member

    I have now run that F-Secure online scanner twice. As far as I know it checks all the files, after which the text "done" appears at the bottom of the page. Otherwise the page is white. So I could not get any log, and I also could not run "Automatic cleaning" with that online scanner.

    Internet Explorer started opening by itself after the VundoFix run and tries to go to some strange address (http://url.cpvfeed.com/cpv.jsp?p=110830&ip=82.197.31.240&url=http%3A%2F%2Furl.cpvfeed.com%2Fcpv.jsp%3Fp%3D110830%26ip%3D82.197.31.240%26url%3Dhttp%253a%252f%252fwww.megaupload.com%252ffi%252f%26selectedkeyword%3Dron%26selectedlistingid%3D6372064&selectedKeyword=ron&selectedListingId=6243871) that is not in use.

    Should I be worried about that "O2 - BHO: (no name) - {4CC47A80-A538-486D-B715-F3A45D50E46D} - C:\WINDOWS\system32\awtsp.dll" entry in the HijackThis log? I tried to remove it but it would not go away.

    Thanks in advance.
     
  7. tomato71

    tomato71 Regular member

    It was no longer showing in the previous log, though

    Pretty strange that F-Secure did not find anything; it should at least have picked up those Vundos from the VundoFix backup :(

    Scan with this

    Save these instructions to a text file or print them, otherwise you will not be able to get at them from Safe Mode

    Download AVG Anti-Spyware 7.5 and save the program to your desktop.
    *Once you have downloaded the program, double-click the installer's shortcut on your desktop and the installation will start.
    *After installation the program must be started and its definitions updated.
    *Start AVG Anti-Spyware.
    *Click the "Update" icon in the main menu. After that click the "Update now" button.
    *Then click the "Start Update" icon and the update will begin.

    *When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    *When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    *Then under the "Reports" menu:
    *Tick "Automatically generate report after every scan"
    *Untick "Only if threats were found"

    *Then click the "Shield" icon at the top of the window
    *"Resident shield is": change the state from active to inactive
    *Close the program, DO NOT scan yet.
    Boot your computer into Safe Mode, Instructions!



    NOTE! Do not use other programs during the AVG scan, as this may interfere with the scan.
    *Once in Safe Mode, start AVG Anti-Spyware.
    *Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    *AVG will now start scanning the computer; be patient, as the scan takes time.

    When the scan is complete:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    *Make sure that Set all elements to: shows Quarantine (1); if not, click the link and choose Quarantine from the pop-up menu.
    *You will be asked what to do if infections were found; in that case choose "Apply all actions"
    *Then click the "Reports" icon at the top of the program.
    *Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    *Close the program, start the computer normally and post the AVG report to your thread.

    Post a new HJT log and the AVG log
     
  8. mattson

    mattson Member

    Hello again. Sorry that the reply took a while.

    I misread that HijackThis thing. That entry is no longer there.

    And as for F-Secure, I think I expressed myself a bit poorly. I ran the F-Secure online scan but did not run the cleaning and could not even get the log out, because after the scan the IE window turns white. And the text "done" appears in the grey area at the bottom of that window.

    So I could not run the cleaning step and did not get a log.

    I ran a scan with Dr.Web CureIt and it did find some viruses etc., which I removed.

    By the way, can a virus disable the "Shut Down" item in the Windows Start menu? Where it used to be in the Start menu, it now only says "Log Off".

    Anyway, here is the AVG report and the latest HijackThis log.


    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 20:50:25 14.5.2007

    + Scan result:



    C:\WINDOWS\system32\drivers\core.sys -> Adware.Salix : Cleaned with backup (quarantined).


    ::Report end


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:58:51, on 14.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\The All-Seeing Eye\eye.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Q3E Minimizer v1.50\Q3E Minimizer_v1.50.EXE
    C:\Program Files\mIRC\mirc.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\foobar2000\foobar2000.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\cinaM\Työpöytä\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [Q3E Minimizer v1.50] C:\Program Files\Q3E Minimizer v1.50\Q3E Minimizer_v1.50.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173106270171
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - (no file)
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 4457 bytes
     
    Last edited: 14.05.2007
  9. tomato71

    tomato71 Regular member

    Yes, it can

    Download Deckard's System Scanner to your desktop.

    Note: You must have administrator rights to run the program.

    • Close all open windows and programs.
    • Double-click the Dss.exe file to run the program and follow the instructions.
    • When the scan is complete, two text files should open, Main.txt and extra.txt
    • Copy ( CTRL+A -> CTRL + C ) and paste ( CTRL + V )
    • Copy and paste the contents of Extra.txt & Main.txt into your next reply.


    Download and save Blacklight to your desktop;

    Double-click blbeta.exe, accept the agreement, click > Scan, then > Next

    You will see a list of everything that was found. A log named fsbl.xxxxxxx.log will also appear on your desktop (the xxxxxxx will most likely be numbers).

    Copy and paste this log into your next reply. Do not choose the "Rename" option yet! We want to see the log first, because legitimate files may be included, such as "wbemtest.exe".
     
  10. mattson

    mattson Member

    Here are the contents of the logs you asked for.

    Deckard's System Scanner v20070426.43
    Run by cinaM on 2007-05-15 at 00:07:44
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2007-05-14 21:07:47 UTC - RP1 - Järjestelmän tarkistuspiste


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-05-15 00:08:33
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.0.5730.11)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\ESET\nod32kui.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Comodo\Firewall\cpf.exe
    C:\Program Files\ESET\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Q3E Minimizer v1.50\Q3E Minimizer_v1.50.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\cinaM\Työpöytä\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [Q3E Minimizer v1.50] C:\Program Files\Q3E Minimizer v1.50\Q3E Minimizer_v1.50.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O15 - ProtocolDefaults: Unknown 'about' protocol is in Restricted Zone (HKLM)
    O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
    O15 - ProtocolDefaults: Unknown 'mhtml' protocol is in Restricted Zone (HKLM)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173106270171
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - "C:\Program Files\Eset\nod32krn.exe"
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - "C:\Program Files\Raxco\PerfectDisk\PDAgent.exe"
    O23 - Service: PDEngine - Raxco Software, Inc. - "C:\Program Files\Raxco\PerfectDisk\PDEngine.exe"
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


    -- HijackThis Fixed Entries (C:\Documents and Settings\cinaM\Työpöytä\backups\)

    backup-20070514-205845-321 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    backup-20070514-205845-404 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 giveio - c:\windows\system32\giveio.sys
    R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R2 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
    R3 ProtoWall (ProtoWall Network Service) - c:\windows\system32\drivers\protowall.sys <Not Verified; ; ProtoWall Driver>

    S1 core - c:\windows\system32\drivers\core.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S4 PnkBstrB -
    S4 XKITE -


    -- Files created between 2007-04-15 and 2007-05-15 -----------------------------

    2007-05-15 00:06:35 0 dr-h----- C:\Documents and Settings\cinaM\Recent
    2007-05-14 19:18:00 0 d-------- C:\WINDOWS\system32\NtmsData
    2007-05-14 16:45:46 0 d-------- C:\WINDOWS\BDOSCAN8
    2007-05-14 16:13:31 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-05-13 20:32:05 0 d-------- C:\escheck
    2007-05-13 18:38:23 49664 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
    2007-05-13 18:38:19 0 d-------- C:\Program Files\Active Ports
    2007-05-13 18:30:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-05-13 18:30:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-05-13 18:30:57 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-05-13 18:00:53 45056 --a------ C:\jumper.exe <Not Verified; http://www.firewallleaktester.com; Jumper leaktest>
    2007-05-13 18:00:10 48128 --a------ C:\WallBreaker.exe
    2007-05-13 17:58:20 24576 --a------ C:\dnstester.exe
    2007-05-13 17:09:01 0 d-------- C:\Documents and Settings\cinaM\DoctorWeb
    2007-05-13 17:07:31 516 --a------ C:\WINDOWS\system32\tmp.reg
    2007-05-13 16:31:54 0 d-------- C:\Documents and Settings\cinaM\WINDOWS
    2007-05-13 15:12:18 0 d-------- C:\Program Files\SpeedFan
    2007-05-12 09:46:40 0 d-------- C:\Program Files\MSN Messenger
    2007-05-11 19:32:48 0 d-------- C:\Program Files\Q3E Minimizer v1.50
    2007-05-09 20:46:14 280 --a------ C:\WINDOWS\system32\PDBootState
    2007-05-09 20:14:16 0 d-------- C:\Program Files\Common Files\Raxco
    2007-05-09 20:13:57 0 d-------- C:\Program Files\Raxco
    2007-05-09 20:05:32 0 d-------- C:\Program Files\MSXML 6.0
    2007-05-09 19:49:44 0 d-------- C:\Program Files\MSBuild
    2007-05-09 19:47:56 0 d-------- C:\WINDOWS\system32\XPSViewer
    2007-05-09 19:47:35 0 d-------- C:\Program Files\Reference Assemblies
    2007-05-05 09:43:34 0 d-------- C:\Program Files\Call of Duty
    2007-04-27 16:23:40 0 d-------- C:\Documents and Settings\cinaM\Application Data\Gearbox Software
    2007-04-27 14:58:27 0 d-------- C:\Program Files\Winamp
    2007-04-27 14:38:17 0 d-------- C:\Program Files\OpenAL
    2007-04-22 12:04:10 2358529 --a------ C:\HOSTS
    2007-04-21 15:48:36 0 d--h----- C:\WINDOWS\PIF
    2007-04-21 11:46:06 0 d-------- C:\Program Files\uTorrent
    2007-04-21 11:46:01 0 d-------- C:\Documents and Settings\cinaM\Application Data\uTorrent


    -- Find3M Report ---------------------------------------------------------------

    2007-05-15 00:06:43 0 d-------- C:\Documents and Settings\cinaM\Application Data\Xfire
    2007-05-14 22:23:58 0 d-------- C:\Documents and Settings\cinaM\Application Data\foobar2000
    2007-05-14 21:02:05 0 d-------- C:\Documents and Settings\cinaM\Application Data\OpenOffice.org2
    2007-05-14 20:55:09 0 d-------- C:\Program Files\mIRC
    2007-05-14 20:54:40 0 d---s---- C:\Program Files\Xfire
    2007-05-14 17:22:55 0 d-------- C:\Program Files\SpywareGuard
    2007-05-14 17:22:45 0 d-------- C:\Program Files\a-squared Free
    2007-05-14 17:22:45 0 d-------- C:\Program Files\7-Zip
    2007-05-14 17:00:48 0 d-------- C:\Program Files\The All-Seeing Eye
    2007-05-14 15:43:29 0 d-------- C:\Program Files\SafeXP
    2007-05-14 15:41:56 0 d-------- C:\Program Files\Java
    2007-05-14 11:03:40 411122 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-05-14 11:03:40 83774 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-05-13 22:02:15 0 d-------- C:\Documents and Settings\cinaM\Application Data\Skype
    2007-05-13 11:59:36 0 d-------- C:\Program Files\SpywareBlaster
    2007-05-13 11:49:55 0 d-------- C:\Program Files\DC++
    2007-05-11 13:04:21 0 d-------- C:\Program Files\Pbsetup
    2007-05-05 10:14:06 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-05-01 15:50:43 0 d-------- C:\Program Files\Championship Manager
    2007-04-27 14:38:17 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2007-04-27 14:38:17 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
    2007-04-15 14:04:13 0 d-------- C:\Program Files\Bluetack
    2007-04-14 23:12:28 0 d-------- C:\Program Files\Skype
    2007-04-14 23:12:28 0 d-------- C:\Program Files\Common Files\Skype
    2007-04-14 09:20:11 0 d-------- C:\Documents and Settings\cinaM\Application Data\Opera
    2007-04-14 09:20:07 0 d-------- C:\Program Files\Opera
    2007-03-30 18:58:00 0 d-------- C:\Program Files\MSXML 4.0
    2007-03-27 19:10:36 5523658 --a------ C:\Program Files\ipfilter.p2p
    2007-03-26 18:08:20 0 d-------- C:\Program Files\Easy Video Joiner
    2007-03-26 17:45:23 0 d-------- C:\Program Files\RegSeeker
    2007-03-25 11:32:47 0 d-------- C:\Documents and Settings\cinaM\Application Data\Sun
    2007-03-24 12:57:36 0 d-------- C:\Documents and Settings\cinaM\Application Data\Apple Computer
    2007-03-23 14:47:01 0 d-------- C:\Program Files\Common Files\Java
    2007-03-23 14:11:32 0 d-------- C:\Documents and Settings\cinaM\Application Data\Google
    2007-03-23 14:11:19 0 d-------- C:\Program Files\Google
    2007-03-23 12:51:10 0 d-------- C:\Program Files\oo2-soikko-Windows-1.1.2
    2007-03-23 12:42:43 0 d-------- C:\Program Files\OpenOffice.org 2.1
    2007-03-19 00:32:32 0 d-------- C:\Documents and Settings\cinaM\Application Data\Ventrilo
    2007-03-18 23:41:20 0 d-------- C:\Program Files\Common Files\LogiShrd
    2007-03-18 23:38:26 0 d-------- C:\Program Files\VentriloMIX
    2007-03-18 23:35:38 0 d-------- C:\Program Files\Logitech
    2007-03-18 23:01:35 0 d-------- C:\Program Files\Common Files\Logitech
    2007-03-16 22:03:14 0 d-------- C:\Documents and Settings\cinaM\Application Data\Miranda
    2007-03-15 12:12:19 36864 --a------ C:\WINDOWS\system32\alaprxy.dll
    2007-03-05 20:15:07 28 --a------ C:\WINDOWS\system32\autoscan0.dll
    2007-03-05 19:32:25 0 --a------ C:\WINDOWS\nsreg.dat
    2007-03-05 19:20:40 62 --ahs---- C:\Documents and Settings\cinaM\Application Data\desktop.ini
    2007-03-05 17:38:12 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
    2007-03-05 17:29:34 0 -rahs---- C:\MSDOS.SYS
    2007-03-05 17:29:34 0 -rahs---- C:\IO.SYS
    2007-03-05 17:29:34 0 --a------ C:\CONFIG.SYS
    2007-03-05 17:29:34 0 -----n--- C:\AUTOEXEC.BAT
    2007-03-05 17:27:08 21672 --a------ C:\WINDOWS\system32\emptyregdb.dat


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "Comodo Firewall"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ProtoWall"="C:\\Program Files\\Bluetack\\ProtoWall\\ProtoWall.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "Q3E Minimizer v1.50"="C:\\Program Files\\Q3E Minimizer v1.50\\Q3E Minimizer_v1.50.EXE"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000
    "DisableTaskMgr"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=dword:00000001
    "NoFavoritesMenu"=dword:00000001
    "NoSMMyDocs"=dword:00000001
    "NoSMMyPictures"=dword:00000001
    "NoStartMenuMyMusic"=dword:00000001
    "NoRecentDocsHistory"=dword:00000001
    "NoRecentDocsNetHood"=dword:00000000
    "NoSMHelp"=dword:00000001
    "NoRun"=dword:00000000
    "NoInstrumentation"=dword:00000000
    "NoSimpleStartMenu"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktop"=dword:00000000
    "NoActiveDesktop"=hex:00,00,00,00
    "HideClock"=dword:00000000
    "NoManageMyComputerVerb"=dword:00000000
    "NoLowDiskSpaceChecks"=dword:00000000
    "NoCDBurning"=dword:00000000
    "NoStartMenuMFUprogramsList"=dword:00000000
    "StartmenuLogoff"=dword:00000000
    "NoStartMenuSubFolders"=dword:00000000
    "NoCommonGroups"=dword:00000000
    "NoPrinterTabs"=dword:00000000
    "NoDeletePrinter"=dword:00000000
    "NoAddPrinter"=dword:00000000
    "NoPrinters"=dword:00000000
    "NoNetworkConnections"=dword:00000000
    "NoFind"=dword:00000000
    "NoClose"=dword:00000001
    "NoSetFolders"=dword:00000000
    "NoChangeStartMenu"=dword:00000000
    "NoViewContextMenu"=dword:00000000
    "NoFileMenu"=dword:00000000
    "NoShellSearchButton"=dword:00000000
    "NoToolbarCustomize"=dword:00000000
    "NoChangeAnimation"=dword:00000000
    "NoChangeKeyboardNavigationIndicators"=dword:00000000
    "NoThemesTab"=dword:00000000
    "NoSaveSettings"=hex:00,00,00,00
    "NoWindowsUpdate"=dword:00000001
    "NoRecentDocsMenu"=dword:00000001
    "NoFavoritesMenu"=dword:00000001
    "NoSMMyDocs"=dword:00000001
    "NoSMMyPictures"=dword:00000001
    "NoStartMenuMyMusic"=dword:00000001
    "NoRecentDocsHistory"=dword:00000001
    "ClearRecentDocsOnExit"=dword:00000001
    "NoRecentDocsNetHood"=dword:00000000
    "NoSMHelp"=dword:00000001
    "NoRun"=dword:00000001
    "NoInstrumentation"=dword:00000000
    "NoStartMenuPinnedList"=dword:00000000
    "ForceStartMenuLogoff"=dword:00000000
    "NoSharedDocuments"=dword:00000001
    "NoUserNameInStartMenu"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{04F0B796-6E22-4624-A974-18F54AE51452}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Logitech SetPoint.lnk]
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Logitech\\SetPoint\\SetPoint.exe "
    "item"="Logitech SetPoint"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cinaM^Käynnistä-valikko^Ohjelmat^Käynnistys^OpenOffice.org 2.1.lnk]
    "location"="Startup"
    "command"="C:\\PROGRA~1\\OPENOF~1.1\\program\\QUICKS~1.EXE "
    "item"="OpenOffice.org 2.1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avgas"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvCpl"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvMcTray"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nwiz"
    "hkey"="HKLM"
    "command"="nwiz.exe /install"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Rundll32 SPIRun"
    "hkey"="HKLM"
    "command"="Rundll32 SPIRun.dll,RunDLLEntry"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="pg2"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleToolbarNotifier"
    "hkey"="HKCU"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
    Shell\AutoRun\command E:\setup.exe

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{512db162-cb33-11db-a360-806d6172696f}]
    Shell\AutoRun\command E:\setup.exe


    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 ad.a8.net
    127.0.0.1 asy.a8ww.net
    127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
    127.0.0.1 abc-search.info
    127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
    127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
    127.0.0.1 phpadsnew.abac.com
    127.0.0.1 a.abnad.net
    127.0.0.1 b.abnad.net
    127.0.0.1 c.abnad.net #[IE-SpyAd]

    14843 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-05-15 at 00:09:36 ---------


    Deckard's System Scanner v20070426.43
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

    CPU 0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
    CPU 1: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
    Percentage of Memory in Use: 23%
    Physical Memory (total/avail): 2046.48 MiB / 1561.04 MiB
    Pagefile Memory (total/avail): 3939.34 MiB / 3649.43 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1955.07 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 34.18 GiB total, 19.75 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (CDFS)
    F: is Fixed (NTFS) - 263.91 GiB total, 54.17 GiB free.
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (FAT)
    J: is Fixed (NTFS) - 232.88 GiB total, 25.35 GiB free.


    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    FW: COMODO Firewall Pro v2.3.035 (COMODO)
    AV: Eset NOD32 antivirus system 2.51 v2.51 (Eset)


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\cinaM\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=DEUSEXMACHINA
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\cinaM
    LOGONSERVER=\\DEUSEXMACHINA
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\cinaM\LOCALS~1\Temp
    TMP=C:\DOCUME~1\cinaM\LOCALS~1\Temp
    USERDOMAIN=DEUSEXMACHINA
    USERNAME=cinaM
    USERPROFILE=C:\Documents and Settings\cinaM
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    cinaM (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
    a-squared Free 2.1 --> "C:\Program Files\a-squared Free\unins000.exe"
    AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
    Active Ports --> C:\WINDOWS\unvise32.exe C:\Program Files\Active Ports\uninstal.log
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    AMIP for foobar2000 (remove only) --> "C:\Program Files\foobar2000\components\amip_uninstall.exe"
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Call of Duty --> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
    Call of Duty - United Offensive --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
    Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
    Comodo Firewall --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
    Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
    DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
    DC++ 0.699 --> "C:\Program Files\DC++\uninstall.exe"
    DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    Easy Video Joiner 5.21 --> "C:\Program Files\Easy Video Joiner\unins000.exe"
    EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
    foobar2000 v0.9.4.1 --> "C:\Program Files\foobar2000\uninstall.exe"
    Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    KhalSetup --> MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
    Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
    Logitech G15 Keyboard Software 1.03 --> MsiExec.exe /X{A514B037-31E3-4158-A1AB-AEE1952D0184}
    Logitech QuickCam --> MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
    Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0xb -removeonly
    Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
    Logitech® Camera -ohjain --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
    Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
    Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Firefox (2.0.0.3) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
    MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
    MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
    NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
    NOD32 FiX v1.9 --> "C:\Program Files\Eset\unins000.exe"
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    oo2-soikko-Windows-1.1.2 --> C:\Program Files\oo2-soikko-Windows-1.1.2\Uninstall-oo2-soikko-Windows-1.1.2.exe
    OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U
    OpenOffice.org 2.1 --> MsiExec.exe /I{BE95E3BD-323B-46CC-AE78-8C9248A5BD78}
    Opera 9.20 --> MsiExec.exe /X{E5EC3E84-F3D6-4ECB-9486-69FCF11694B3}
    PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
    Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB911164) -->
    Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    PowerStrip 3 (remove only) --> C:\Program Files\PowerStrip\uninstal.exe
    Q3E Minimizer v1.50 --> "C:\Program Files\Q3E Minimizer v1.50\unins000.exe"
    QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
    RegSupreme Pro 1.4 --> "C:\Program Files\RegSupreme Pro\unins000.exe"
    Seismovision 3 (remove only) --> "C:\Program Files\NuGardt Software\Seismovision 3\uninst_seis3.exe"
    Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe"
    Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
    SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
    SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
    SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
    SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
    Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
    Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
    VentriloMIX --> C:\Program Files\VentriloMIX\Uninstal.exe
    VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
    Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
    XML Paper Specification Shared Components Pack 1.0 -->
    xp-AntiSpy 3.96-4 --> C:\Program Files\xp-AntiSpy\Uninstall.exe
    Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


    -- End of Deckard's System Scanner: finished at 2007-05-15 at 00:09:36 ---------

    05/15/07 00:10:49 [Info]: BlackLight Engine 1.0.61 initialized
    05/15/07 00:10:49 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    05/15/07 00:10:49 [Note]: 7019 4
    05/15/07 00:10:49 [Note]: 7005 0
    05/15/07 00:10:49 [Note]: 7006 0
    05/15/07 00:10:49 [Note]: 7011 1080
    05/15/07 00:10:49 [Note]: 7026 0
    05/15/07 00:10:49 [Note]: 7026 0
    05/15/07 00:10:50 [Note]: FSRAW library version 1.7.1021
    05/15/07 00:13:47 [Note]: 7007 0
     
  11. tomato71

    tomato71 Regular member

    Joined:
    30.04.2006
    Posts:
    1,151
    Thanks:
    0
    Points:
    46
    Hi!

    1. Click the Start button and select Control Panel.
    2. Select "Folder Options".
    3. Go to the "View" tab.
    4. On the View tab, under Hidden files and folders, select "Show hidden files and folders."

    Scan the following files:

    C:\WINDOWS\system32\alaprxy.dll
    C:\WINDOWS\system32\autoscan0.dll

    here --> Virustotal
    Note: 1 file at a time. Copy the result and paste it here.

    Set the hidden files back to hidden.

    and then this.....

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    Post a new HJT log + C:\ComboFix.txt
     
    Last edited: 15.05.2007
  12. mattson

    mattson Member

    Joined:
    13.05.2007
    Posts:
    22
    Thanks:
    0
    Points:
    11
    Here are the logs again.

    Virustotal


    Complete scanning result of "alaprxy.dll", received in VirusTotal at 05.15.2007, 09:46:20 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.5.15.0 05.14.2007 no virus found
    AntiVir 7.4.0.15 05.15.2007 no virus found
    Authentium 4.93.8 05.14.2007 no virus found
    Avast 4.7.997.0 05.15.2007 no virus found
    AVG 7.5.0.467 05.14.2007 no virus found
    BitDefender 7.2 05.15.2007 no virus found
    CAT-QuickHeal 9.00 05.14.2007 no virus found
    ClamAV devel-20070416 05.15.2007 no virus found
    DrWeb 4.33 05.15.2007 no virus found
    eSafe 7.0.15.0 05.14.2007 no virus found
    eTrust-Vet 30.7.3634 05.15.2007 no virus found
    Ewido 4.0 05.14.2007 no virus found
    FileAdvisor 1 05.15.2007 no virus found
    Fortinet 2.85.0.0 05.15.2007 no virus found
    F-Prot 4.3.2.48 05.14.2007 no virus found
    F-Secure 6.70.13030.0 05.15.2007 no virus found
    Ikarus T3.1.1.7 05.15.2007 no virus found
    Kaspersky 4.0.2.24 05.15.2007 no virus found
    McAfee 5030 05.14.2007 no virus found
    Microsoft 1.2503 05.15.2007 no virus found
    NOD32v2 2266 05.14.2007 no virus found
    Norman 5.80.02 05.14.2007 no virus found
    Panda 9.0.0.4 05.14.2007 no virus found
    Prevx1 V2 05.15.2007 no virus found
    Sophos 4.17.0 05.11.2007 no virus found
    Sunbelt 2.2.907.0 05.12.2007 no virus found
    Symantec 10 05.15.2007 no virus found
    TheHacker 6.1.6.115 05.14.2007 no virus found
    VBA32 3.12.0 05.14.2007 no virus found
    VirusBuster 4.3.7:9 05.14.2007 no virus found
    Webwasher-Gateway 6.0.1 05.15.2007 no virus found

    Aditional Information
    File size: 36864 bytes
    MD5: e0ec7f6a4dd50c59149bf9706c4e9a5a
    SHA1: 14635906834eb257bbe7e73c400978236c4eeeeb


    Complete scanning result of "autoscan0.dll", received in VirusTotal at 05.15.2007, 10:02:07 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.5.15.0 05.14.2007 no virus found
    AntiVir 7.4.0.15 05.15.2007 no virus found
    Authentium 4.93.8 05.14.2007 no virus found
    Avast 4.7.997.0 05.15.2007 no virus found
    AVG 7.5.0.467 05.14.2007 no virus found
    BitDefender 7.2 05.15.2007 no virus found
    CAT-QuickHeal 9.00 05.14.2007 no virus found
    ClamAV devel-20070416 05.15.2007 no virus found
    DrWeb 4.33 05.15.2007 no virus found
    eSafe 7.0.15.0 05.14.2007 no virus found
    eTrust-Vet 30.7.3634 05.15.2007 no virus found
    Ewido 4.0 05.14.2007 no virus found
    FileAdvisor 1 05.15.2007 no virus found
    Fortinet 2.85.0.0 05.15.2007 no virus found
    F-Prot 4.3.2.48 05.14.2007 no virus found
    F-Secure 6.70.13030.0 05.15.2007 no virus found
    Ikarus T3.1.1.7 05.15.2007 no virus found
    Kaspersky 4.0.2.24 05.15.2007 no virus found
    McAfee 5030 05.14.2007 no virus found
    Microsoft 1.2503 05.15.2007 no virus found
    NOD32v2 2266 05.14.2007 no virus found
    Norman 5.80.02 05.14.2007 no virus found
    Panda 9.0.0.4 05.15.2007 no virus found
    Prevx1 V2 05.15.2007 no virus found
    Sophos 4.17.0 05.11.2007 no virus found
    Sunbelt 2.2.907.0 05.12.2007 no virus found
    Symantec 10 05.15.2007 no virus found
    TheHacker 6.1.6.115 05.14.2007 no virus found
    VBA32 3.12.0 05.14.2007 no virus found
    VirusBuster 4.3.7:9 05.14.2007 no virus found
    Webwasher-Gateway 6.0.1 05.15.2007 no virus found

    Aditional Information
    File size: 28 bytes
    MD5: 1a1aeecfb6c4a85b8c94608b238fa9ec
    SHA1: 5ee4faeac439b9bcef6e5c33f058c0dd93088732

    And ComboFix.

    "cinaM" - 2007-05-15 10:57:44 Service Pack 2
    ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\cinaM\Työpöytä\"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\drivers\core.cache.dsk


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CORE
    -------\core


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))


    2007-05-15 00:07 <KANSIO> d-------- C:\Deckard
    2007-05-14 19:18 <KANSIO> d-------- C:\WINDOWS\system32\NtmsData
    2007-05-14 16:45 <KANSIO> d-------- C:\WINDOWS\BDOSCAN8
    2007-05-14 16:13 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-05-13 20:32 <KANSIO> d-------- C:\escheck
    2007-05-13 20:12 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-05-13 18:38 49,664 --a------ C:\WINDOWS\unvise32.exe
    2007-05-13 18:38 <KANSIO> d-------- C:\Program Files\Active Ports
    2007-05-13 18:30 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-05-13 18:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-05-13 18:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-05-13 18:00 48,128 --a------ C:\WallBreaker.exe
    2007-05-13 18:00 45,056 --a------ C:\jumper.exe
    2007-05-13 17:58 24,576 --a------ C:\dnstester.exe
    2007-05-13 17:09 <KANSIO> d-------- C:\DOCUME~1\cinaM\DoctorWeb
    2007-05-13 17:07 516 --a------ C:\WINDOWS\system32\tmp.reg
    2007-05-13 16:31 <KANSIO> d-------- C:\DOCUME~1\cinaM\WINDOWS
    2007-05-13 15:12 <KANSIO> d-------- C:\Program Files\SpeedFan
    2007-05-12 09:46 <KANSIO> d-------- C:\Program Files\MSN Messenger
    2007-05-11 19:32 <KANSIO> d-------- C:\Program Files\Q3E Minimizer v1.50
    2007-05-09 20:14 <KANSIO> d-------- C:\Program Files\Common Files\Raxco
    2007-05-09 20:13 <KANSIO> d-------- C:\Program Files\Raxco
    2007-05-09 20:05 <KANSIO> d-------- C:\Program Files\MSXML 6.0
    2007-05-09 19:49 <KANSIO> d-------- C:\Program Files\MSBuild
    2007-05-09 19:47 <KANSIO> d-------- C:\WINDOWS\system32\XPSViewer
    2007-05-09 19:47 <KANSIO> d-------- C:\Program Files\Reference Assemblies
    2007-05-09 19:46 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-05-05 09:43 <KANSIO> d-------- C:\Program Files\Call of Duty
    2007-04-27 16:23 <KANSIO> d-------- C:\DOCUME~1\cinaM\APPLIC~1\Gearbox Software
    2007-04-27 14:58 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-04-27 14:58 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-04-27 14:58 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-04-27 14:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-04-27 14:58 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-04-27 14:58 <KANSIO> d-------- C:\Program Files\Winamp
    2007-04-27 14:38 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2007-04-27 14:38 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
    2007-04-27 14:38 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-04-27 14:38 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
    2007-04-27 14:38 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
    2007-04-27 14:38 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
    2007-04-27 14:38 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
    2007-04-27 14:38 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-04-27 14:38 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
    2007-04-27 14:38 <KANSIO> d-------- C:\Program Files\OpenAL
    2007-04-21 15:48 <KANSIO> d--h----- C:\WINDOWS\PIF
    2007-04-21 11:46 <KANSIO> d-------- C:\Program Files\uTorrent
    2007-04-21 11:46 <KANSIO> d-------- C:\DOCUME~1\cinaM\APPLIC~1\uTorrent


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-05-15 07:58:29 -------- d-----w C:\Program Files\mIRC
    2007-05-15 07:58:08 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Xfire
    2007-05-15 07:02:53 -------- d-s---w C:\Program Files\Xfire
    2007-05-14 19:46:48 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2007-05-14 19:23:58 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\foobar2000
    2007-05-14 18:02:05 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\OpenOffice.org2
    2007-05-14 14:22:55 -------- d-----w C:\Program Files\SpywareGuard
    2007-05-14 14:22:45 -------- d-----w C:\Program Files\a-squared Free
    2007-05-14 14:22:45 -------- d-----w C:\Program Files\7-Zip
    2007-05-14 14:00:48 -------- d-----w C:\Program Files\The All-Seeing Eye
    2007-05-14 12:43:29 -------- d-----w C:\Program Files\SafeXP
    2007-05-14 08:03:40 83,774 ----a-w C:\WINDOWS\system32\perfc00B.dat
    2007-05-14 08:03:40 411,122 ----a-w C:\WINDOWS\system32\perfh00B.dat
    2007-05-13 19:02:15 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Skype
    2007-05-13 08:59:36 -------- d-----w C:\Program Files\SpywareBlaster
    2007-05-13 08:49:55 -------- d-----w C:\Program Files\DC++
    2007-05-11 10:04:21 -------- d-----w C:\Program Files\Pbsetup
    2007-05-05 07:14:06 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-01 12:50:43 -------- d-----w C:\Program Files\Championship Manager
    2007-04-30 15:57:13 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
    2007-04-27 11:38:17 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2007-04-27 11:38:17 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2007-04-15 11:04:13 -------- d-----w C:\Program Files\Bluetack
    2007-04-14 20:12:28 -------- d-----w C:\Program Files\Skype
    2007-04-14 20:12:28 -------- d-----w C:\Program Files\Common Files\Skype
    2007-04-14 06:20:11 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Opera
    2007-04-14 06:20:07 -------- d-----w C:\Program Files\Opera
    2007-03-30 15:58:00 -------- d-----w C:\Program Files\MSXML 4.0
    2007-03-26 15:08:20 -------- d-----w C:\Program Files\Easy Video Joiner
    2007-03-26 14:45:23 -------- d-----w C:\Program Files\RegSeeker
    2007-03-24 09:57:36 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Apple Computer
    2007-03-23 11:11:32 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Google
    2007-03-23 11:11:19 -------- d-----w C:\Program Files\Google
    2007-03-23 09:51:10 -------- d-----w C:\Program Files\oo2-soikko-Windows-1.1.2
    2007-03-23 09:42:43 -------- d-----w C:\Program Files\OpenOffice.org 2.1
    2007-03-18 21:32:32 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Ventrilo
    2007-03-18 20:41:20 -------- d-----w C:\Program Files\Common Files\LogiShrd
    2007-03-18 20:38:26 -------- d-----w C:\Program Files\VentriloMIX
    2007-03-18 20:35:38 -------- d-----w C:\Program Files\Logitech
    2007-03-18 20:01:35 -------- d-----w C:\Program Files\Common Files\Logitech
    2007-03-17 13:44:51 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-16 19:03:14 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Miranda
    2007-03-15 09:12:19 36,864 ----a-w C:\WINDOWS\system32\alaprxy.dll
    2007-03-14 20:36:23 -------- d-----w C:\Program Files\PowerStrip
    2007-03-09 20:47:38 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\teamspeak2
    2007-03-08 17:04:19 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\vlc
    2007-03-08 15:38:00 578,048 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:37:59 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:37:59 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:34:26 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-03-08 07:27:10 -------- d-----w C:\Program Files\Common Files\Real
    2007-03-08 07:27:10 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Real
    2007-03-05 22:07:16 -------- d-----w C:\Program Files\QuickTime
    2007-03-05 22:02:36 -------- d-----w C:\Program Files\Real
    2007-03-05 20:23:01 -------- d-----w C:\Program Files\Teamspeak2_RC2
    2007-03-05 19:32:48 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Logitech
    2007-03-05 19:30:21 -------- d-----w C:\Program Files\NuGardt Software
    2007-03-05 18:57:56 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Media Player Classic
    2007-03-05 18:25:45 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Help
    2007-03-05 18:08:07 -------- d-----w C:\Program Files\Activision
    2007-03-05 17:45:12 -------- d-----w C:\Program Files\RegSupreme Pro
    2007-03-05 17:23:50 -------- d-----w C:\Program Files\CCleaner
    2007-03-05 17:15:07 28 ----a-w C:\WINDOWS\system32\autoscan0.dll
    2007-03-05 16:32:28 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Talkback
    2007-03-05 16:32:25 0 ----a-w C:\WINDOWS\nsreg.dat
    2007-03-05 16:28:09 -------- d-----w C:\Program Files\Media Player Classic
    2007-03-05 16:21:09 -------- d-----w C:\Program Files\Common Files\ODBC
    2007-03-05 16:21:06 -------- d-----w C:\Program Files\Common Files\SpeechEngines
    2007-03-05 16:17:58 -------- d-----w C:\Program Files\Trustix
    2007-03-05 16:17:28 -------- d-----w C:\Program Files\Messenger
    2007-03-05 16:05:46 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Comodo
    2007-03-05 16:03:16 -------- d-----w C:\Program Files\Creative
    2007-03-05 15:59:00 -------- d-----w C:\Program Files\ffdshow
    2007-03-05 15:58:32 -------- d-----w C:\Program Files\DivX
    2007-03-05 15:57:46 -------- d-----w C:\Program Files\D-Tools
    2007-03-05 15:57:04 -------- d-----w C:\Program Files\AC3Filter
    2007-03-05 15:56:29 -------- d-----w C:\Program Files\Xvid
    2007-03-05 15:55:38 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-03-05 15:54:31 -------- d-----w C:\Program Files\Comodo
    2007-03-05 15:49:13 -------- d-----w C:\Program Files\Windows Media Connect 2
    2007-03-05 15:13:51 -------- d-----w C:\Program Files\Lavalys
    2007-03-05 15:13:28 -------- d-----w C:\Program Files\Foxit Software
    2007-03-05 15:12:38 -------- d-----w C:\Program Files\VideoLAN
    2007-03-05 15:12:06 -------- d-----w C:\Program Files\xp-AntiSpy
    2007-03-05 15:10:46 -------- d-----w C:\Program Files\foobar2000
    2007-03-05 14:46:58 -------- d-----w C:\DOCUME~1\cinaM\APPLIC~1\Lavasoft
    2007-03-05 14:45:45 -------- d-----w C:\Program Files\Lavasoft
    2007-03-05 14:44:43 -------- d-----w C:\Program Files\Marvell
    2007-03-05 14:38:12 270,336 ----a-w C:\WINDOWS\system32\imon.dll
    2007-03-05 14:38:11 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
    2007-03-05 14:29:45 -------- d-----w C:\Program Files\microsoft frontpage
    2007-03-05 14:29:34 0 --sha-r C:\MSDOS.SYS
    2007-03-05 14:29:34 0 --sha-r C:\IO.SYS
    2007-03-05 14:29:34 0 ----a-w C:\CONFIG.SYS
    2007-03-05 14:29:34 0 ------w C:\AUTOEXEC.BAT
    2007-03-05 14:28:46 -------- d--h--w C:\Program Files\WindowsUpdate
    2007-03-05 14:28:44 -------- d-----w C:\Program Files\Online Services
    2007-03-05 14:27:49 -------- d-----w C:\Program Files\Common Files\MSSoap
    2007-03-05 14:27:39 -------- d-----w C:\Program Files\Movie Maker
    2007-03-05 14:27:08 21,672 ----a-w C:\WINDOWS\system32\emptyregdb.dat
    2007-03-05 14:26:32 -------- d-----w C:\Program Files\MSN Gaming Zone
    2007-03-05 14:26:21 -------- d-----w C:\Program Files\Windows NT
    2007-03-02 11:17:00 227,856 ----a-w C:\WINDOWS\system32\PDBoot.exe
    2007-02-05 20:19:01 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {4A368E80-174F-4872-96B5-0B27DDD11DB2}=C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-03 00:24]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "Comodo Firewall"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-05 17:38]
    "Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-03-12 17:05]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ProtoWall"="C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe" [2006-04-18 07:06]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2005-10-12 17:13]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ProtoWall"="C:\\Program Files\\Bluetack\\ProtoWall\\ProtoWall.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "Q3E Minimizer v1.50"="C:\\Program Files\\Q3E Minimizer v1.50\\Q3E Minimizer_v1.50.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsMenu"=dword:00000001
    "NoFavoritesMenu"=dword:00000001
    "NoSMMyDocs"=dword:00000001
    "NoSMMyPictures"=dword:00000001
    "NoStartMenuMyMusic"=dword:00000001
    "NoRecentDocsHistory"=dword:00000001
    "NoRecentDocsNetHood"=dword:00000000
    "NoSMHelp"=dword:00000001
    "NoRun"=dword:00000000
    "NoInstrumentation"=dword:00000000
    "NoSimpleStartMenu"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HideClock"=dword:00000000
    "NoManageMyComputerVerb"=dword:00000000
    "NoLowDiskSpaceChecks"=dword:00000000
    "NoCDBurning"=dword:00000000
    "NoStartMenuMFUprogramsList"=dword:00000000
    "StartmenuLogoff"=dword:00000000
    "NoStartMenuSubFolders"=dword:00000000
    "NoCommonGroups"=dword:00000000
    "NoPrinterTabs"=dword:00000000
    "NoDeletePrinter"=dword:00000000
    "NoAddPrinter"=dword:00000000
    "NoPrinters"=dword:00000000
    "NoNetworkConnections"=dword:00000000
    "NoClose"=dword:00000001
    "NoSetFolders"=dword:00000000
    "NoChangeStartMenu"=dword:00000000
    "NoViewContextMenu"=dword:00000000
    "NoFileMenu"=dword:00000000
    "NoShellSearchButton"=dword:00000000
    "NoToolbarCustomize"=dword:00000000
    "NoChangeAnimation"=dword:00000000
    "NoChangeKeyboardNavigationIndicators"=dword:00000000
    "NoThemesTab"=dword:00000000
    "NoSaveSettings"=hex:00,00,00,00
    "NoWindowsUpdate"=dword:00000001
    "NoRecentDocsMenu"=dword:00000001
    "NoFavoritesMenu"=dword:00000001
    "NoSMMyDocs"=dword:00000001
    "NoSMMyPictures"=dword:00000001
    "NoStartMenuMyMusic"=dword:00000001
    "NoRecentDocsHistory"=dword:00000001
    "ClearRecentDocsOnExit"=dword:00000001
    "NoRecentDocsNetHood"=dword:00000000
    "NoSMHelp"=dword:00000001
    "NoInstrumentation"=dword:00000000
    "NoStartMenuPinnedList"=dword:00000000
    "ForceStartMenuLogoff"=dword:00000000
    "NoSharedDocuments"=dword:00000001
    "NoUserNameInStartMenu"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages msv1_0\0\0
    Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages scecli\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup



    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!avg anti-spyware
    "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools-1033
    "C:\Program Files\D-Tools\daemon.exe" -lang 1033

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
    nwiz.exe /install

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p17helper
    Rundll32 SPIRun.dll,RunDLLEntry

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\peerguardian

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\skype
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
    "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter HTTPFilter\0\0
    LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService DnsCache\0\0
    DcomLaunch DcomLaunch\0TermService\0\0
    rpcss RpcSs\0\0
    imgsvc StiSvc\0\0
    termsvcs TermService\0\0
    WudfServiceGroup WUDFSvc\0\0

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
    Shell\AutoRun\command E:\setup.exe

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-15 11:00:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-15 11:00:46 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-05-15 11:00
     
  13. tomato71

    tomato71 Regular member

    Joined:
    30.04.2006
    Posts:
    1,151
    Thanks:
    0
    Points:
    46
    Could you post one more new HJT log, and have this file checked at Virustotal: C:\WINDOWS\system32\tmp.reg
    How is the computer running.... any problems??
     
    Last edited: 15.05.2007
  14. mattson

    mattson Member

    Joined:
    13.05.2007
    Posts:
    22
    Thanks:
    0
    Points:
    11
    No other symptoms any more, except that the "Shut Down" item has disappeared from the Start menu. Could it be enabled from somewhere via Start->Run etc., or turned on from some settings?

    Virustotal found nothing in that tmp.reg.

    Anyway, here is the latest HijackThis log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 9:25:20, on 16.5.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Q3E Minimizer v1.50\Q3E Minimizer_v1.50.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\cinaM\Työpöytä\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [Q3E Minimizer v1.50] C:\Program Files\Q3E Minimizer v1.50\Q3E Minimizer_v1.50.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173106270171
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Tapahtumaloki (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: CD-levyjen kirjoittamisen IMAPI COM -palvelu (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - (no file)
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NetMeeting etätyöpöydän jakaminen (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Älykortti (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Resurssilokit ja -hälytykset (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: WMI resurssisovitin (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Windows Media Playerin verkkojakamispalvelu (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 4228 bytes

    Thanks for your trouble.
     
  15. tomato71

    tomato71 Regular member

    Joined:
    30.04.2006
    Posts:
    1,151
    Thanks:
    0
    Points:
    46
    Hi!

    As far as I remember, that "Shut Down" button cannot be turned off from the settings.

    Could some program be causing trouble?

    Do you know what these programs are: ProtoWall and Q3E Minimizer v1.50?
    If they are not important, they can be turned off from startup like this...

    Go to Start --> Run --> type msconfig --> select the Startup tab
    uncheck the following programs
    ProtoWall
    Q3E Minimizer v1.50


    Press Apply and then Close
    Restart the computer, after which a notification window appears (I don't remember what it says :) )
    Tick the checkbox in it and press OK


    Rename HiJackThis_v2.exe to, say, mattson.exe and then post a new HJT log
     
  16. mattson

    mattson Member

    Joined:
    13.05.2007
    Posts:
    22
    Thanks:
    0
    Points:
    11
    Both of those programs have been there ever since Windows was installed, and they are familiar and so-called legitimate, and I don't believe they are causing problems.
     
  17. tomato71

    tomato71 Regular member

    Joined:
    30.04.2006
    Posts:
    1,151
    Thanks:
    0
    Points:
    46
    Is anything else missing from your Start menu??
    Did you adjust the settings yourself??
    Check the settings --> right-click the "Start" button, select
    "Properties" --> go to the "Start Menu" tab --> press "Customize"
    --> go to the "Advanced" tab
    You should be able to adjust something there.
     
  18. kelari

    kelari Regular member

    Joined:
    26.07.2006
    Posts:
    627
    Thanks:
    0
    Points:
    26
  19. mattson

    mattson Member

    Joined:
    13.05.2007
    Posts:
    22
    Thanks:
    0
    Points:
    11
    Thanks!

    After I ran that noclose.reg and rebooted the computer, the Shut Down menu came back to its place.

    Thanks tomato71 and kelari for your trouble; the computer now works as it did before.
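
The ComboFix "Reg Loading Points" section posted earlier in this thread lists "NoClose"=dword:00000001 under the HKEY_CURRENT_USER ...\policies\explorer key, the Explorer policy value that removes the Shut Down ("Sammuta") command from the Start menu. The Python sketch below is an added example, not part of the original posts and not ComboFix's own code: it parses that section format and reports which Explorer policy restrictions are switched on. The sample text is an excerpt constructed from the log above, and the function names and the short effects table are assumptions made for illustration.

```python
import re

# Constructed sample: a shortened excerpt of the ComboFix
# "Reg Loading Points" section posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=dword:00000001
"NoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"=dword:00000000
"NoClose"=dword:00000001
"NoSaveSettings"=hex:00,00,00,00
"NoWindowsUpdate"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00]

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(dword|hex):([0-9A-Fa-f,]+)$')
POLICY_SUFFIX = r'\currentversion\policies\explorer'

# Hypothetical helper table: user-visible effect of a few Explorer
# policy values when they are set to a non-zero value.
EFFECTS = {
    "NoClose": "Shut Down command removed from the Start menu",
    "NoRun": "Run command removed from the Start menu",
    "NoWindowsUpdate": "access to Windows Update removed",
    "NoRecentDocsMenu": "recent documents menu removed from the Start menu",
}


def decode(kind, raw):
    """Turn a dword or hex (little-endian byte list) value into an int."""
    if kind == "dword":
        return int(raw, 16)
    data = bytes(int(b, 16) for b in raw.split(",") if b)
    return int.from_bytes(data, "little")


def parse_sections(text):
    """Return {registry key: {value name: int}} for bracketed sections."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            sections.setdefault(current, {})
            continue
        if line.upper().startswith("HKEY_"):
            current = None  # unbracketed key header: a different log format
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name, kind, raw = value.groups()
            sections[current][name] = decode(kind, raw)
    return sections


def active_restrictions(text):
    """List (hive, value name, data) for enabled Explorer policy values."""
    findings = []
    for key, values in parse_sections(text).items():
        if not key.lower().endswith(POLICY_SUFFIX):
            continue  # skips Run keys and the policies\explorer\Run subkey
        hive = key.split("\\", 1)[0]
        for name, data in values.items():
            if data != 0:
                findings.append((hive, name, data))
    return findings


def report(text):
    """Render the findings as readable lines for a triage note."""
    lines = []
    for hive, name, data in active_restrictions(text):
        effect = EFFECTS.get(name, "effect not in the helper table")
        lines.append(f"{hive}: {name}={data} ({effect})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
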
     
  20. tomato71

    tomato71 Regular member

    Joined:
    30.04.2006
    Posts:
    1,151
    Thanks:
    0
    Points:
    46
    Hi!
    Good that it got sorted :D
     
    Last edited: 20.05.2007
