
Windows Security alert, System alert, Spyware alert .....

Thread in the Viruses and malware - HijackThis logs section. Thread started by sebukka on 10.08.2007.

  1. sebukka

    sebukka Member

    Joined: 10.08.2007
    Posts: 7
    Thanks: 0
    Points: 11

    Greetings to all of you helpers!

    I have browsed these pages enough to think that an ordinary computer user like me could probably find help here.
    This is my daughter's computer, and the infection was probably caused by Messenger or by downloading music?
    It throws warnings on the screen, and whichever part of the notification you click (Yes, No, or the X in the top corner), it always tries to go online.



    Logfile of HijackThis v1.99.1
    Scan saved at 10:38:59, on 10.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\PROGRA~1\SECURE~1\UGDCcw.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\SecurePCCleaner\GDC.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Hjt\Hijac.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {7AF59C20-A1D8-4C1C-927A-99DD9F2A9E0B} - C:\WINDOWS\duocore.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [SecurePCCleaner] "C:\Program Files\SecurePCCleaner\GDC.exe"
    O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\SECURE~1\UGDCcw.exe" -start
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SecurePCCleaner] C:\Program Files\SecurePCCleaner\GDC.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?08415cd1d9ff439fa39c9eeb782a88a1
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?08415cd1d9ff439fa39c9eeb782a88a1
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure internet security\fsps\program\fslsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4909FFBA-5C2B-4557-BA0D-0FC7063F13AC}: NameServer = 82.116.225.5,194.100.0.100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{57882E87-5002-4370-9139-E20326C0B395}: NameServer = 82.116.225.5,194.100.0.100
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4909FFBA-5C2B-4557-BA0D-0FC7063F13AC}: NameServer = 82.116.225.5,194.100.0.100
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: wmpenv - {8692174A-A51A-41A4-993E-DCF99B717EF4} - C:\WINDOWS\wmpenv.dll
    O21 - SSODL: wmpconf - {F0F1049A-4332-4F28-BE93-E24A9B2FBD23} - C:\WINDOWS\wmpconf.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

    PS. My first time on discussion forums.....
     
  3. Auttaja

    Auttaja Guest

  4. sebukka

    sebukka Member

    This is what it reports...


    ComboFix 07-08-09.3 - "katariina" 2007-08-10 11:44:52.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.601 [GMT 3:00]


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\KATARI~1\Suosikit.\Error Cleaner.url
    C:\DOCUME~1\KATARI~1\Suosikit.\Privacy Protector.url
    C:\DOCUME~1\KATARI~1\Suosikit.\Spyware&Malware Protection.url
    C:\Program Files\AVSystemCare
    C:\Program Files\AVSystemCare\Activate.exe
    C:\Program Files\AVSystemCare\atf.exe
    C:\Program Files\AVSystemCare\Dat\HI.exe
    C:\Program Files\AVSystemCare\unins000.dat
    C:\Program Files\AVSystemCare\unins000.exe
    C:\Program Files\AVSystemCare\Update\aviupd.exe
    C:\Program Files\Common Files\AVSystemCare
    C:\Program Files\Common Files\AVSystemCare\uga6pcw.exe
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\Thumbs.db
    C:\Program Files\newdotnet
    C:\Program Files\newdotnet\readme.html
    C:\Program Files\newdotnet\Thumbs.db
    C:\Program Files\Ultimate Defender
    C:\Program Files\video activex access
    C:\Program Files\VideoAccessCodec
    C:\Program Files\VideoAccessCodec\install.ico
    C:\Program Files\VideoAccessCodec\Uninstall.exe
    C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx
    C:\WINDOWS\dat.txt
    C:\WINDOWS\main_uninstaller.exe
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\system32\drivers\fopf.sys


    ((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


    2007-08-10 11:37 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-10 09:25 <KANSIO> d-------- C:\Hjt
    2007-08-10 09:17 <KANSIO> d--hs---- C:\FOUND.001
    2007-08-09 22:56 <KANSIO> d-------- C:\DOCUME~1\KATARI~1\APPLIC~1\F-Secure
    2007-08-09 22:49 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2007-08-09 22:49 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2007-08-09 22:48 <KANSIO> d-------- C:\Program Files\F-Secure Internet Security
    2007-08-09 22:48 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
    2007-08-09 22:43 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
    2007-08-09 17:54 <KANSIO> d-------- C:\Program Files\TrustedAntivirus
    2007-08-09 17:54 <KANSIO> d-------- C:\Program Files\Common Files\TrustedAntivirus
    2007-08-08 22:09 158,752 --a------ C:\DOCUME~1\KATARI~1\APPLIC~1\installer_en[1].exe
    2007-08-08 22:01 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-08-08 22:00 158,752 --a------ C:\DOCUME~1\KATARI~1\APPLIC~1\install_en[1].exe
    2007-08-08 17:28 221,184 --a------ C:\WINDOWS\wmpconf.dll
    2007-08-08 17:28 188,416 --a------ C:\WINDOWS\wmpenv.dll
    2007-08-08 17:28 188,416 --a------ C:\WINDOWS\duocore.dll
    2007-07-19 22:12 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-10 00:47 52716 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-08-10 00:47 291828 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-06-21 00:13 9728 --ahs---- C:\Program Files\Thumbs.db
    2007-05-16 18:14 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:14 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:14 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:14 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-14 16:37 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-02-06 18:33 8704 --ahs---- C:\Program Files\Common Files\Thumbs.db


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AF59C20-A1D8-4C1C-927A-99DD9F2A9E0B}]
    2007-08-07 20:43 188416 --a------ C:\WINDOWS\duocore.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31]
    "SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 C:\WINDOWS\SOUNDMAN.EXE]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 16:18]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-10-26 16:11]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-15 16:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-15 16:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 16:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 16:00]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36]
    "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02]
    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52]
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-07-25 13:34]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 19:05]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 20:45]
    "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 08:29]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 02:15]
    "ugdccw"="C:\PROGRA~1\SECURE~1\UGDCcw.exe" []
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-28 12:19]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-28 12:18]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 17:52]
    "SecurePCCleaner"="C:\Program Files\SecurePCCleaner\GDC.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "wmpenv"= {8692174A-A51A-41A4-993E-DCF99B717EF4} - C:\WINDOWS\wmpenv.dll [2007-08-07 20:43 188416]
    "wmpconf"= {F0F1049A-4332-4F28-BE93-E24A9B2FBD23} - C:\WINDOWS\wmpconf.dll [2007-08-07 20:43 221184]

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
    R0 gagp30kx;Microsoft Generic AGPv3.0 -suodatin K8-suoritinympäristöjä varten;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
    R1 F-Secure HIPS;F-Secure HIPS;\??\C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys
    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
    R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
    R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
    R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
    R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys
    R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
    R3 NTIDrvr;Upper Class Filter Driver;C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    R3 POWERKEY;POWERKEY;\??\C:\Program Files\Launch Manager\POWERKEY.sys
    R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
    S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
    S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
    S3 Nokia USB Port;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
    S4 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys
    S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys

    *Newly Created Service* - INT15.SYS

    Contents of the 'Scheduled Tasks' folder
    2007-08-10 07:20:06 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-10 11:46:51
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-10 11:51:01
    C:\ComboFix-quarantined-files.txt ... 2007-08-10 11:47

    --- E O F ---
     
  5. Auttaja

    Auttaja Guest

    So, open Add/Remove Programs in the Control Panel and remove the following (they contain malware; they may not necessarily be listed):

    SecurePCCleaner
    TrustedAntivirus

    Open Notepad and copy/paste the text in the quote box below into it:

    Save it with the name CFScript (check that it is written exactly like that)

    Then drag CFScript onto ComboFix.exe as shown below.

    [​IMG]

    Restart the computer when prompted and post the contents of the combofix.txt file here.

    Last edited by a moderator: 10.08.2007
  6. sebukka

    sebukka Member

    Here is some more data...



    ComboFix 07-08-09.3 - "katariina" 2007-08-10 13:14:18.3 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.612 [GMT 3:00]
    Command switches used :: C:\Documents and Settings\katariina\Työpöytä\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\duocore.dll
    C:\WINDOWS\wmpenv.dll
    C:\WINDOWS\wmpconf.dll


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\KATARI~1\Suosikit.\Error Cleaner.url
    C:\DOCUME~1\KATARI~1\Suosikit.\Privacy Protector.url
    C:\DOCUME~1\KATARI~1\Suosikit.\Spyware&Malware Protection.url
    C:\Program Files\Common Files\TrustedAntivirus
    C:\Program Files\Common Files\TrustedAntivirus\is-OC8O4.VIR
    C:\Program Files\Common Files\TrustedAntivirus\uga6pcw.exe
    C:\Program Files\TrustedAntivirus
    C:\Program Files\TrustedAntivirus\Activate.exe
    C:\Program Files\TrustedAntivirus\Addons\popupg.dll
    C:\Program Files\TrustedAntivirus\atf.exe
    C:\Program Files\TrustedAntivirus\Base\AWBase\database\enemies.dat
    C:\Program Files\TrustedAntivirus\Base\AWBase\vbpv.dat
    C:\Program Files\TrustedAntivirus\Base\PGBase\vbpv.dat
    C:\Program Files\TrustedAntivirus\Base\plugins\BORLNDMM.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\SCANADWR.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\SCANBCDR.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\SCANDLDR.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\SCANDOS1.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\SCANEMUL.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\SCANFUNC.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\SCANMCR1.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\SCANOTHR.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\SCANSCR.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\SCANTOOL.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\SCANTROJ.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\SCANWIN1.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\UNACPU.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\UNADBX.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\unamscan.dll
    C:\Program Files\TrustedAntivirus\Base\plugins\UNMIME.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\UNPACK.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\UNPACKS.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\UNPACKS2.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\UNPEPACK.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\UpDate\UA27601.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\UpDate\UA27602.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\UpDate\UA27603.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\UpDate\UA27604.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\UpDate\UADAILY.DLL
    C:\Program Files\TrustedAntivirus\Base\plugins\vbpv.dat
    C:\Program Files\TrustedAntivirus\Config\pgs.xml
    C:\Program Files\TrustedAntivirus\Dat\BkSites.dat
    C:\Program Files\TrustedAntivirus\Dat\bnlink.dat
    C:\Program Files\TrustedAntivirus\Dat\HI.exe
    C:\Program Files\TrustedAntivirus\Dat\incmp.dat
    C:\Program Files\TrustedAntivirus\Dat\index.dat
    C:\Program Files\TrustedAntivirus\Dat\pv.dat
    C:\Program Files\TrustedAntivirus\LA\lapv.dat
    C:\Program Files\TrustedAntivirus\LA\License.rtf
    C:\Program Files\TrustedAntivirus\pgs.exe
    C:\Program Files\TrustedAntivirus\res\cross.gif
    C:\Program Files\TrustedAntivirus\res\ga6p.gif
    C:\Program Files\TrustedAntivirus\res\main.ico
    C:\Program Files\TrustedAntivirus\res\mini.ico
    C:\Program Files\TrustedAntivirus\res\support.ico
    C:\Program Files\TrustedAntivirus\res\uninstall.ico
    C:\Program Files\TrustedAntivirus\RTasks.exe
    C:\Program Files\TrustedAntivirus\scnkrnl.dll
    C:\Program Files\TrustedAntivirus\sqlite3.dll
    C:\Program Files\TrustedAntivirus\unins000.dat
    C:\Program Files\TrustedAntivirus\unins000.exe
    C:\Program Files\TrustedAntivirus\Update\aviupd.exe
    C:\Program Files\TrustedAntivirus\Update\up.dat
    C:\WINDOWS\dat.txt
    C:\WINDOWS\duocore.dll
    C:\WINDOWS\wmpconf.dll
    C:\WINDOWS\wmpenv.dll


    ((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


    2007-08-10 11:37 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-10 09:25 <KANSIO> d-------- C:\Hjt
    2007-08-10 09:17 <KANSIO> d--hs---- C:\FOUND.001
    2007-08-09 22:56 <KANSIO> d-------- C:\DOCUME~1\KATARI~1\APPLIC~1\F-Secure
    2007-08-09 22:49 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2007-08-09 22:49 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2007-08-09 22:48 <KANSIO> d-------- C:\Program Files\F-Secure Internet Security
    2007-08-09 22:48 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
    2007-08-09 22:43 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
    2007-08-08 22:09 158,752 --a------ C:\DOCUME~1\KATARI~1\APPLIC~1\installer_en[1].exe
    2007-08-08 22:01 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-08-08 22:00 158,752 --a------ C:\DOCUME~1\KATARI~1\APPLIC~1\install_en[1].exe
    2007-07-19 22:12 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-10 00:47 52716 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-08-10 00:47 291828 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-06-21 00:13 9728 --ahs---- C:\Program Files\Thumbs.db
    2007-05-16 18:14 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
    2007-05-16 18:14 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-16 18:14 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-05-16 18:14 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
    2007-05-16 18:14 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
    2007-05-14 16:37 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-02-06 18:33 8704 --ahs---- C:\Program Files\Common Files\Thumbs.db


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31]
    "SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 C:\WINDOWS\SOUNDMAN.EXE]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 16:18]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-10-26 16:11]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-15 16:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-15 16:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 16:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-15 16:00]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36]
    "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02]
    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52]
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-07-25 13:34]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 19:05]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 20:45]
    "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 08:29]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 02:15]
    "ugdccw"="C:\PROGRA~1\SECURE~1\UGDCcw.exe" []
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-28 12:19]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-28 12:18]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 17:52]

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
    R0 gagp30kx;Microsoft Generic AGPv3.0 -suodatin K8-suoritinympäristöjä varten;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
    R1 F-Secure HIPS;F-Secure HIPS;\??\C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys
    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
    R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
    R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
    R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
    R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys
    R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
    R3 NTIDrvr;Upper Class Filter Driver;C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    R3 POWERKEY;POWERKEY;\??\C:\Program Files\Launch Manager\POWERKEY.sys
    R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
    S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
    S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
    S3 Nokia USB Port;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
    S4 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys
    S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys

    *Newly Created Service* - INT15.SYS

    Contents of the 'Scheduled Tasks' folder
    2007-08-10 09:20:02 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-10 13:17:12
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-10 13:18:47 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-10 13:18
    C:\ComboFix2.txt ... 2007-08-10 11:51

    --- E O F ---
     
  7. Auttaja

    Auttaja Guest

    Are there still a lot of problems?

    =======

    Download ATF Cleaner
    http://www.atribune.org/ccount/click.php?id=1

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click Empty Selected.
    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click Empty Selected.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click Empty Selected again.
    NOTE: If you would like to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    Technical support is available by double-clicking the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)

    ========

    Scan your computer with Ewido Online Scanner

    * Download Ewido_micro.exe from here.
    * Save the file, for example, to the desktop.
    * Double-click Ewido_micro.exe on your desktop.
    * Ewido starts updating its signatures right away. This may take a moment.
    * When the updates have been downloaded, make sure that all the items on the left side of the window are checked.
    * Click the Start Scan button at the bottom left.
    * The scan starts. This may take some time, depending on the number of files.
    * When the scan is finished and items were found, make sure the boxes to the left of all the items are checked.
    * Click the Save report button and save the report, for example, to the desktop.
    * Click the Remove Infections button.
    * When you answer OK to the prompt that opens, all infected files are removed.
    * After removal, you can close Ewido Online Scanner by pressing the red cross in the top corner.
    * Now restart the computer and post the report you saved to your thread along with a new HijackThis log.

     
  8. sebukka

    sebukka Member

    Joined:
    10.08.2007
    Messages:
    7
    Thanks:
    0
    Points:
    11
    The computer already started to calm down and otherwise seemed to be working too.
    Here are these "reports"...

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: TrackingCookie.Statistik-gallup
    Path: C:\Documents and Settings\katariina\Cookies\katariina@CATC83X1.txt
    Risk: Medium

    Name: TrackingCookie.2o7
    Path: C:\Documents and Settings\katariina\Cookies\katariina@CAFMMT73.txt
    Risk: Medium

    Name: Adware.NewDotNet
    Path: HKU\.DEFAULT\Software\New.net
    Risk: Medium

    Name: Adware.NewDotNet
    Path: HKU\S-1-5-18\Software\New.net
    Risk: Medium

    Name: Adware.AvSystemcare
    Path: C:\QooBox\Quarantine\C\Program Files\Common Files\AVSystemCare\uga6pcw.exe.vir
    Risk: Medium

    Name: Adware.AvSystemcare
    Path: C:\QooBox\Quarantine\C\Program Files\Common Files\TrustedAntivirus\uga6pcw.exe.vir
    Risk: Medium

    Name: Adware.WinAnti!Virus
    Path: C:\QooBox\Quarantine\C\Program Files\Common Files\TrustedAntivirus\is-OC8O4.VIR.vir
    Risk: Medium

    Name: Adware.AvSystemcare
    Path: C:\QooBox\Quarantine\C\Program Files\TrustedAntivirus\Addons\popupg.dll.vir
    Risk: Medium

    Name: Adware.AvSystemcare
    Path: C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\fopf.sys.vir
    Risk: Medium

    ---------------------------------------------------
    ---------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:48:14, on 10.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Uusi_Hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\SECURE~1\UGDCcw.exe" -start
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?08415cd1d9ff439fa39c9eeb782a88a1
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?08415cd1d9ff439fa39c9eeb782a88a1
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4909FFBA-5C2B-4557-BA0D-0FC7063F13AC}: NameServer = 82.116.225.5,194.100.0.100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{57882E87-5002-4370-9139-E20326C0B395}: NameServer = 82.116.225.5,194.100.0.100
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4909FFBA-5C2B-4557-BA0D-0FC7063F13AC}: NameServer = 82.116.225.5,194.100.0.100
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

    --
    End of file - 8553 bytes
     
  9. Auttaja

    Auttaja Guest

    Hi! :)

    =========

    Open HijackThis, check the following line(s) and press Fix checked; close other programs while you do this.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZCfox000

    Here is a guide on how to mark them:
    [IMG]


    ==========

    An excellent guide for speeding up your computer

    http://neko.1g.fi/ohje/hidastelua.html

    ==========

    If you do not have this Java version (6.2): Old Java easily gets your computer infected!

    Updating Java and clearing its cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]
    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp
    or http://www.filehippo.com/download_java_runtime/

    Scroll down to Java Runtime Environment (JRE) 6u2

    Press Download

    Check Accept, take the offline installation, save it to, say, the desktop and install it.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).

    7. Under the General Settings section, drag the slider (Disk Space) lower, and click the Delete Files button.

    (Some Java-based programs may need more disk space.
    If you notice slowness after lowering the setting, move the slider higher.)

    8. Make sure that both options are checked:

    *Applications and Applets

    *Trace and Log Files



    And press the OK button

    9. Click OK in your "Temporary Files Settings" window.

    10. Click OK to leave your Java settings window.

    ==========

    Download Deckard's System Scanner to your desktop.

    Note: You must have Administrator rights to run the program.

    * Close all open windows and programs.
    * Double-click the Dss.exe file to run the program and follow the instructions.
    * When the scan is finished, 2 text files should open, Main.txt and extra.txt
    * Use copy ( CTRL+A -> CTRL + C ) and paste ( CTRL + V )
    * Copy and paste the contents of Extra.txt & Main.txt into your next reply.

    and the Ewido online scanner report
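
Added example (not part of the thread, and not HijackThis's own code): a Python check that compares the HijackThis log taken before the "Fix checked" step in the reply above with the log taken after it, and reports whether each marked line is gone. The log excerpts are abridged copies of lines from this thread; the function names are assumptions of this example, and a forum-shortened URL ("...") is treated as a wildcard.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+?)\s*$")

# Abridged excerpts of the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:14, on 10.8.2007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\SECURE~1\UGDCcw.exe" -start
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:24, on 11.8.2007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\SECURE~1\UGDCcw.exe" -start
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
"""

# The lines the helper asked to fix, exactly as they appear in the reply
# (the second one carries the forum's "..." URL shortening).
FIX_LINES = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...html?p=ZCfox000",
]


def parse_entries(log_text):
    """Return the set of (section code, body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def _matches(requested_body, actual_body):
    """Case-insensitive comparison of two entry bodies.

    An ellipsis in the requested body matches any run of characters, so a
    URL shortened by the forum still matches the full URL in the log. A
    literal "..." in the log (e.g. a menu caption) matches as well.
    """
    if "..." not in requested_body:
        return requested_body.lower() == actual_body.lower()
    parts = [re.escape(p) for p in requested_body.split("...")]
    return re.fullmatch(".*".join(parts), actual_body, re.IGNORECASE) is not None


def verify_fix(before_log, after_log, fix_lines):
    """Return [(fix line, status)] where status is one of
    'removed', 'still present', 'not in first log', 'not a HijackThis entry'."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    report = []
    for line in fix_lines:
        m = ENTRY_RE.match(line)
        if not m:
            report.append((line, "not a HijackThis entry"))
            continue
        code, body = m.groups()

        def present(entries):
            return any(c == code and _matches(body, b) for c, b in entries)

        if not present(before):
            status = "not in first log"
        elif present(after):
            status = "still present"
        else:
            status = "removed"
        report.append((line, status))
    return report


if __name__ == "__main__":
    for line, status in verify_fix(LOG_BEFORE, LOG_AFTER, FIX_LINES):
        print(f"{status:>16}  {line}")
```

On the thread's own logs, the mywebsearch context-menu entry is gone from the later log, while the HKLM Start Page line is still listed there.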
     
  10. sebukka

    sebukka Member

    Joined:
    10.08.2007
    Messages:
    7
    Thanks:
    0
    Points:
    11
    Here are these reports...



    Deckard's System Scanner v20070809.63
    Run by katariina on 2007-08-11 at 10:53:36
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    68: 2007-08-11 07:53:40 UTC - RP370 - Deckard's System Scanner Restore Point
    67: 2007-08-11 07:42:41 UTC - RP369 - Installed Java(TM) 6 Update 2
    66: 2007-08-10 10:32:14 UTC - RP368 - Software Distribution Service 3.0
    65: 2007-08-10 10:14:12 UTC - RP367 - ComboFix created restore point
    64: 2007-08-10 08:41:19 UTC - RP366 - ComboFix created restore point


    -- First Restore Point --
    1: 2007-05-17 03:22:07 UTC - RP303 - Järjestelmän tarkistuspiste


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as katariina.exe) -------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:54:24, on 11.8.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Documents and Settings\katariina\Työpöytä\dss.exe
    C:\Uusi_Hjt\katariina.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yle.fi/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [ugdccw] "C:\PROGRA~1\SECURE~1\UGDCcw.exe" -start
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?08415cd1d9ff439fa39c9eeb782a88a1
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?08415cd1d9ff439fa39c9eeb782a88a1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4909FFBA-5C2B-4557-BA0D-0FC7063F13AC}: NameServer = 82.116.225.5,194.100.0.100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{57882E87-5002-4370-9139-E20326C0B395}: NameServer = 82.116.225.5,194.100.0.100
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4909FFBA-5C2B-4557-BA0D-0FC7063F13AC}: NameServer = 82.116.225.5,194.100.0.100
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

    --
    End of file - 9009 bytes

    -- HijackThis Fixed Entries (C:\Uusi_Hjt\backups\) -----------------------------

    backup-20070811-102426-139 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    backup-20070811-102426-617 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
    backup-20070811-102737-774 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
    R1 Hotkey - c:\windows\system32\drivers\hotkey.sys
    R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
    R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
    R2 int15.sys - c:\acer\empowering technology\erecovery\int15.sys
    R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Avocent/OSA Technologies Inc.; Windows (R) Server 2003 DDK driver>
    R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    R3 POWERKEY - c:\program files\launch manager\powerkey.sys

    S1 Wbutton - c:\windows\system32\drivers\wbutton.sys (file missing)
    S3 catchme - c:\docume~1\katari~1\locals~1\temp\catchme.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
    R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-08-11 10:20:02 262 --a------ C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job


    -- Files created between 2007-07-11 and 2007-08-11 -----------------------------

    2007-08-10 14:37:15 0 d-------- C:\Uusi_Hjt
    2007-08-10 09:25:10 0 d-------- C:\Hjt
    2007-08-10 09:17:32 0 d--hs---- C:\FOUND.001
    2007-08-09 22:56:06 0 d-------- C:\Documents and Settings\katariina\Application Data\F-Secure
    2007-08-09 22:48:07 0 d-------- C:\Program Files\F-Secure Internet Security
    2007-08-09 22:48:02 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2007-08-09 22:43:49 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2007-08-08 22:09:07 158752 --a------ C:\Documents and Settings\katariina\Application Data\installer_en[1].exe
    2007-08-08 22:00:26 158752 --a------ C:\Documents and Settings\katariina\Application Data\install_en[1].exe
    2007-07-19 22:12:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Google


    -- Find3M Report ---------------------------------------------------------------

    2007-08-10 09:23:16 8081 --a------ C:\Documents and Settings\katariina\Application Data\update.log
    2007-08-10 00:47:08 291828 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-08-10 00:47:08 52716 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-06-21 00:13:56 9728 --ahs---- C:\Program Files\Thumbs.db
    2007-05-14 16:37:58 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "preload"="C:\Windows\RUNXMLPL.exe" [19.05.2005 17:09]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [23.01.2005 10:36]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [23.01.2005 10:31]
    "SoundMan"="SOUNDMAN.EXE" [15.04.2005 11:01 C:\WINDOWS\SOUNDMAN.EXE]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04.02.2005 11:12]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04.02.2005 11:11]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [26.10.2005 16:18]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [26.10.2005 16:11]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [15.09.2004 16:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [15.09.2004 16:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [15.09.2004 16:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [15.09.2004 16:00]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [09.03.2005 18:59]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25.07.2005 13:36]
    "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [30.08.2002 15:02]
    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [06.06.2005 11:52]
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [16.09.2003 14:28]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [25.07.2005 10:45]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [25.07.2005 13:34]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [31.10.2005 19:05]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [10.03.2006 20:45]
    "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [26.04.2006 08:29]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [16.06.2007 02:15]
    "ugdccw"="C:\PROGRA~1\SECURE~1\UGDCcw.exe" []
    "F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [28.05.2007 12:19]
    "F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [28.05.2007 12:18]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11.04.2006 17:52]

    *Newly Created Service* - INT15.SYS



    -- End of Deckard's System Scanner: finished at 2007-08-11 at 10:56:13 ---------

    ----------------------------------------------------------------
    ----------------------------------------------------------------

    Deckard's System Scanner v20070809.63
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

    CPU 0: Intel(R) Celeron(R) M processor 1.50GHz
    Percentage of Memory in Use: 40%
    Physical Memory (total/avail): 1014.42 MiB / 606.21 MiB
    Pagefile Memory (total/avail): 2440.59 MiB / 2042.18 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1949.63 MiB

    C: is Fixed (FAT32) - 35.47 GiB total, 8.41 GiB free.
    D: is Fixed (FAT32) - 35.95 GiB total, 1.88 GiB free.
    E: is CDROM (CDFS)


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    FW: F-Secure Internet Security 2007 7.02 v7.02 (F-Secure Corporation)
    AV: Avira AntiVir PersonalEdition Classic v 6.39.0.221
    (Avira GmbH)
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Outdated
    AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
    AV: F-Secure Internet Security 2007 7.02 v7.02 (F-Secure Corporation)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\katariina\Application Data
    CLASSPATH=.;
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=ACER-F96D038026
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\katariina
    LOGONSERVER=\\ACER-F96D038026
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0d08
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\KATARI~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\KATARI~1\LOCALS~1\Temp
    USERDOMAIN=ACER-F96D038026
    USERNAME=katariina
    USERPROFILE=C:\Documents and Settings\katariina
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    katariina (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
    --> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
    --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
    Acer ePowerManagement --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0xb
    Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
    Adobe Reader 6.0 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-000000000001}
    Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
    Automaattiset valikot (Windows Live Toolbar) --> MsiExec.exe /X{AD211425-49BE-48D4-889C-C614DA6AC4AD}
    BSPlayer --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
    F-Secure Internet Security 2007 --> "C:\Program Files\F-Secure Internet Security\FSGUI\PostInstall.exe" /tUnInstall
    HijackThis 2.0.2 --> "C:\Uusi_Hjt\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Launch Manager V1.0.8.8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\Setup.exe" -l0x9
    Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
    Mario Forever v 2.16 ! --> C:\Buziol Games\Mario Forever\UnMario.exe
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Nokia Connectivity Cable Driver --> MsiExec.exe /X{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}
    Nokia PC Connectivity Solution --> MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}
    Nokia PC Suite --> MsiExec.exe /I{508FA22B-AFFC-46CD-9441-2567976574A4}
    NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{ED79C7E1-386E-4C12-81C7-8FEFB6D396B5} /l1033 BUN4
    NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{65C39C99-F2C0-4286-A37A-23182E9A5E8E} /l1033 CDM7
    OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{E9B3A621-DCC5-4649-940C-6456CF0AF9DA}
    Outlook-työkalurivi (Windows Live Toolbar) --> MsiExec.exe /X{EB36F61F-53CD-4813-BB7F-75B16AAC1713}
    Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
    Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Päivitys Windows XP:lle (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Ponnahdusikkunoiden esto (Windows Live Toolbar) --> MsiExec.exe /X{7A888168-7E7D-477C-9490-24CEB079435B}
    PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    RevConnect --> "C:\Program Files\RevConnect\uninstall.exe"
    Selaus välilehtiä käyttäen (Windows Live Toolbar) --> MsiExec.exe /X{E14FC354-9ED8-4D79-A7DA-356D66BF5F54}
    SoftV90 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025\HXFSETUP.EXE -U -IVEN_8086&DEV_266D&SUBSYS_006A1025
    Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB913433) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
    Suojauspäivitys Windows XP:lle (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Syötteen tunnistus (Windows Live Toolbar) --> MsiExec.exe /X{71A52B94-5BF1-4B0A-8098-37A9D495D5D8}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    WebVideo Support --> C:\WINDOWS\main_uninstaller.exe
    Video Access Codec v1.4 --> C:\Program Files\VideoAccessCodec\Uninstall.exe
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17) --> C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
    Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
    Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {E33C2495-B60D-4073-80CD-90DC2E66966B}
    Windows Live Toolbar --> MsiExec.exe /X{E33C2495-B60D-4073-80CD-90DC2E66966B}
    Windows Live Toolbarin laajennus (Windows Live Toolbar) --> MsiExec.exe /X{2C4BFAFE-F698-421B-8687-4CBF9A5FD5E0}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


    -- Application Event Log -------------------------------------------------------

    Event ID #1498: Error
    Event Submitted/Written: 08/11/2007 10:54:44 AM
    Event Source: Message from F-Secure Anti-Virus on
    Event Description:
    2 2007-08-11 10:54:44+03:00 acer-f96d038026 ACER-F96D038026\katariina Message from F-Secure Anti-Virus on
    Spyware detected:
    Type: riskware
    Family:
    Name: Downloader.Win32.WinFixer
    Object: C:\Documents and Settings\katariina\Application Data\installer_en[1].exe

    Event ID #1497: Error
    Event Submitted/Written: 08/11/2007 10:54:44 AM
    Event Source: Message from F-Secure Anti-Virus on
    Event Description:
    1 2007-08-11 10:54:44+03:00 acer-f96d038026 ACER-F96D038026\katariina Message from F-Secure Anti-Virus on
    Spyware detected:
    Type: riskware
    Family:
    Name: Downloader.Win32.WinFixer
    Object: C:\Documents and Settings\katariina\Application Data\install_en[1].exe

    Event ID #1494: Warning
    Event Submitted/Written: 08/11/2007 10:45:03 AM
    Event Source: Userenv
    Event Description:
    Windows tallensi käyttäjän ACER-F96D038026\katariina rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


    Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.

    Event ID #1492: Error
    Event Submitted/Written: 08/11/2007 10:24:26 AM
    Event Source: F-Secure System Control
    Event Description:
    1 2007-08-11 10:24:26+03:00 acer-f96d038026 ACER-F96D038026\katariina F-Secure System Control
    Action by an application was blocked. This was determined to be a high-risk application by system control heuristics.
    Application path: \\?\C:\Uusi_Hjt\HijackThis.exe
    File hash: 6ebbb54156e21ac20c27ca1fb8b3ddcacc919fa8

    Event ID #1489: Warning
    Event Submitted/Written: 08/10/2007 03:41:45 PM
    Event Source: Userenv
    Event Description:
    Windows tallensi käyttäjän ACER-F96D038026\katariina rekisterin, kun jokin sovellus tai palvelu käytti yhä rekisteriä uloskirjautumisen aikana. Käyttäjän rekisterin varaamaa muistia ei ole vapautettu. Rekisterin lataus poistetaan, kun rekisteri ei ole enää käytössä.


    Tähän on usein syynä käyttäjän tilin avulla suoritettavat palvelut. Määritä palvelut LocalService- tai NetworkService-tilin avulla suoritettaviksi.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event ID #13513: Error
    Event Submitted/Written: 08/10/2007 02:11:41 PM
    Event Source: Tcpip
    Event Description:
    Järjestelmä havaitsi ristiriidan IP-osoitteella 192.168.1.101 järjestelmän laitteisto-
    osoitteen ollessa 00:14:A5:1E:1A:78. Tämä saattaa aiheuttaa järjestelmän verkkoyhteyksien
    katkeamisen.

    Event ID #13509: Warning
    Event Submitted/Written: 08/10/2007 01:45:44 PM
    Event Source: Dhcp
    Event Description:
    Tietokone määritti IP-osoitteen automaattisesti verkkokortille, jonka verkko-osoite
    on 0014A46F8A49. Käytössä on IP-osoite 169.254.85.166.

    Event ID #13420: Error
    Event Submitted/Written: 08/10/2007 10:12:42 AM
    Event Source: Service Control Manager
    Event Description:
    Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe:
    %%126

    Event ID #13417: Error
    Event Submitted/Written: 08/10/2007 10:12:42 AM
    Event Source: Service Control Manager
    Event Description:
    Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe:
    %%126

    Event ID #13414: Error
    Event Submitted/Written: 08/10/2007 10:12:42 AM
    Event Source: Service Control Manager
    Event Description:
    Palvelu Sovellusten hallinta lopetettiin virheen takia. Virhe:
    %%126



    -- End of Deckard's System Scanner: finished at 2007-08-11 at 10:56:13 ---------

    ------------------------------------------------------------------
    ------------------------------------------------------------------

    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: TrackingCookie.Statistik-gallup
    Path: C:\Documents and Settings\katariina\Cookies\katariina@CAWTADDU.txt
    Risk: Medium

    Name: TrackingCookie.2o7
    Path: C:\Documents and Settings\katariina\Cookies\katariina@CAUX4VID.txt
    Risk: Medium
     
  11. Auttaja

    Auttaja Guest

    C:\Documents and Settings\katariina\Application Data\installer_en[1].exe
    C:\Documents and Settings\katariina\Application Data\install_en[1].exe

    Delete these files

    Make hidden files visible, and hide them again after deleting

    ========

    Stay clean

    -> Clear System Restore -> Instructions
    Clear the System Restore folder and create a new restore point. This cleans the restore folder of possible malware remnants.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Clean temporary files and folders with the program regularly.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing itself on your computer. Uses no memory!
    A guide is available in Finnish! Guide by the user Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your computer's connections to malicious sites.
    A guide is available in Finnish! Guide by the user Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your computer with it regularly.
    escan is also good: http://koti.mbnet.fi/pattaya1/escanmwav.htm

    -> Keep your software up to date. -> Secunia Software Inspector
    Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, while a thorough one (thorough system inspection) can take several minutes.

    -> Regularly follow the Finnish Communications Regulatory Authority's (Viestintävirasto) information on new vulnerabilities -> CERT-FI

    If you run into problems with malware in the future, don't hesitate to post a HijackThis log for checking!
     
  12. sebukka

    sebukka Member

    I could not find these files (hidden files were visible)

    C:\Documents and Settings\katariina\Application Data\installer_en[1].exe
    C:\Documents and Settings\katariina\Application Data\install_en[1].exe


    I cleared System Restore, ran CCleaner, and installed SpywareBlaster and MVPS Hosts.

    F-Secure still finds a riskware program, but it does nothing about it.

    Tarkistusraportti
    11. elokuuta 2007 14:28:56 - 14:52:49
    Tietokoneen nimi: ACER-F96D038026
    Tarkistustyyppi: Tarkista kiintolevyt
    Kohde: C:\ D:\


    --------------------------------------------------------------------------------

    Tulos
    Haittaohjelmia ei löytynyt



    --------------------------------------------------------------------------------

    Riskiohjelma löydetty
    AdTool.Win32.WhenU.a (riskware)
    C:\Recycled\Dc1\lionkingyms.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe


    --------------------------------------------------------------------------------

    Tilastot
    Tarkistettu:
    Tiedostot: 48001
    Tarkistamatta: 3
    Tulos:
    Virukset: 0
    Vakoiluohjelmat: 0
    Epäilyttävät kohteet: 0
    Riskiohjelma: 1
    Toiminnot:
    Puhdistettu: 0
    Nimetty uudelleen: 0
    Poistettu: 0
    Eristetty: 0
    Epäonnistui: 0
    Käynnistyssektorit:
    Tarkistettu: 1
    Saanut tartunnan: 0
    Epäilyttävät kohteet: 0
    Puhdistettu: 0
    tiedostot, tarkistamattomat:
    Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\PAGEFILE.SYS
    Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{FDEBF455-369B-46C4-AAA1-8ED7A19766AC}.BIN
    Tiedoston (saat lisätietoja napsauttamalla tätä) avaaminen ei onnistu. C:\WINDOWS\SYSTEM32\CONFIG\SECURITY


    --------------------------------------------------------------------------------

    Asetukset
    Tunnisteiden versio:
    Virukset: 2007-08-10_10
    Vakoiluohjelmat: 2007-08-10_10
    Tarkistusohjelmat:
    F-Secure AVP: 7.00.171, 2007-08-10
    F-Secure Libra: 2.04.01, 2007-08-10
    F-Secure Orion: 1.02.37, 2007-08-10
    F-Secure Draco: 1.00.35, 2007-08-06
    Tarkistusasetukset:
    Tarkista määritetyt tiedostot: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD LSP MAP MHT MIF PHP POT WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
    Tarkista pakatut tiedostot
    Toiminnot:
    Virukset: Valitaan tarkistuksen jälkeen
    Vakoiluohjelmat: Valitaan tarkistuksen jälkeen

    --------------------------------------------------------------------------------
     
  13. Auttaja

    Auttaja Guest

    Yep... nothing serious... that file was in the Recycle Bin... :)
     
  14. sebukka

    sebukka Member

    I THANK you enormously for this help!
    This is the first, and probably not the last, time I come back here to ask for help.

    Enjoy the rest of the late summer.
     
