
XP only boots in safe mode. Would this HJT log tell why?

Thread in the Viruses and malware - HijackThis logs section. Thread started by Ynvi on 11.12.2006.

Thread status:
The thread is closed.
  1. Ynvi

    Ynvi Member

    Joined:
    11.09.2005
    Messages:
    39
    Thanks:
    0
    Points:
    16
    Having some problems with the computer. XP isn't working properly. I've installed a few different internet security programs and removed them. :(
    Currently using AVG antivirus and Zone Alarm.
    So here's the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:50:24, on 11.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\HijackThis(2).exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finbytes.org/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Waretus\BitComet_059\BitComet\tools\BitCometBHO.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\Virtuaali_Asemat\DaemonTool\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Tietoturva_Suojaus_Judanssi\GIANT_AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [InCD] "D:\Program Files\Polttosoftat\Nero 7 Ultra Edition\Nero 7\InCD\InCD.exe"
    O4 - HKLM\..\Run: [GuruClock] "D:\Program Files\Emolevyn_Yms_Softat\Abit\GuruClock.exe"
    O4 - HKLM\..\Run: [ABIT uGuru] "D:\Program Files\Emolevyn_Yms_Softat\Abit\uGuru.exe"
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [AudioHQU] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinPatrol] "D:\Program Files\winpatrol.exe"
    O4 - HKLM\..\Run: [Spy Protector] H:\Program Files\Security Task Manager\SpyProtector.exe /autostart
    O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\Polttosoftat\Clone_CD\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Norton Ghost 9.0] "D:\Program Files\All_Around_Fixailuun\Norton System Works 2005 Premier\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [nTrayFw] D:\PROGRA~1\EMOLEV~1\NVIDIA~1\Ethernet\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Program Files\Emolevyn_Yms_Softat\nTune\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Tietoturva_Suojaus_Judanssi\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\TIETOT~1\AVG_Free\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "D:\Program Files\All_Around_Fixailuun\System Mechanic 5 Professional\System Mechanic 5 Professional\PopupStopper.exe"
    O4 - HKCU\..\Run: [ASUS SmartDoctor] D:\Program Files\All_Around_Fixailuun\ASUS_Smart_DoctorSmartDoctor.exe /start
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\Pakkaus\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download all links using BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\KIRJOI~1\Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\KIRJOI~1\Office\OFFICE11\REFIEBAR.DLL
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgemc.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - GRISOFT, s.r.o. - (no file)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\Tietoturva_Suojaus_Judanssi\Ewido_Antispyware\ewido anti-spyware 4.0\guard.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\PROGRA~1\EMOLEV~1\NVIDIA~1\Ethernet\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\PROGRA~1\TIETOT~1\NVIDIA~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: fsbwsys - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\backweb\4476822\program\fsbwsys.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure HTTP Server (fshttps) - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\FSPC\fshttps\fshttps.exe (file missing)
    O23 - Service: FSMA - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\Common\FSMA32.EXE (file missing)
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Polttosoftat\Nero 7 Ultra Edition\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\All_Around_Fixailuun\Norton System Works 2005 Premier\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\ALL_AR~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: ForceWare IP service (nSvcIp) - Symantec Corporation - (no file)
    O23 - Service: ForceWare user log service (nSvcLog) - Symantec Corporation - (no file)
    O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\Emolevyn_Yms_Softat\nTune\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\ALL_AR~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe



    Thanks!
     
  3. Hujo

    Hujo Guest

    Well, there's a bit of everything in there

    F-Secure, McAfee and Norton

    remove those via Add/Remove Programs

    then scan with HJT, check these and press Fix checked

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - GRISOFT, s.r.o. - (no file)
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: fsbwsys - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\backweb\4476822\program\fsbwsys.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure HTTP Server (fshttps) - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\FSPC\fshttps\fshttps.exe (file missing)
    O23 - Service: FSMA - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\Common\FSMA32.EXE (file missing)


    Copy / paste the following text below into an empty Notepad file.
    Make sure the file type is "All Files" and save it under the name Poisto.bat
    on your desktop.

    @echo off
    sc stop ccPwdSvc
    sc stop ccSetMgr
    sc stop FSDFWD
    sc stop fshttps
    sc delete ccPwdSvc
    sc delete ccSetMgr
    sc delete FSDFWD
    sc delete fshttps

    Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.


    rename that C:\Program Files\HijackThis(2).exe to scanner

    Post a new HJT log taken in normal mode
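
    An added example, not part of the original thread: a small Python parser that pulls the O23 service entries HijackThis marks as "(file missing)" or "(no file)" and checks which of them are still listed in a later log. The helper names (`parse_o23`, `orphaned`, `still_present`) are hypothetical, the field layout is inferred from the log lines in this thread, and the sample lines are excerpted from the thread's first two logs.

```python
import re
from typing import NamedTuple, Optional

MISSING = ("(file missing)", "(no file)")   # markers seen in this thread's logs
PREFIX = "O23 - Service: "
# Trailing "(...)" after the first name; in this thread it holds the names
# passed to `sc` in Poisto.bat (ccPwdSvc, FSDFWD, ...).
_PAREN = re.compile(r"^(?P<display>.*?)\s*\((?P<paren>[^()]*)\)$")


class Service(NamedTuple):
    display: str               # first name on the line
    paren_name: Optional[str]  # name in trailing parentheses, if any
    owner: str                 # company column, e.g. "Unknown owner"
    path: str                  # binary path, including any "missing" marker
    orphaned: bool             # True when the log says the binary is absent


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other entry type."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Split from the right: names such as "BackWeb Plug-in - 4476822"
    # contain " - " themselves, so a plain left-to-right split miscounts.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    m = _PAREN.match(name)
    display, paren = (m["display"], m["paren"]) if m else (name, None)
    return Service(display, paren, owner, path, path.endswith(MISSING))


def orphaned(log: str) -> list:
    """Services whose binary HijackThis could not find."""
    return [s for s in map(parse_o23, log.splitlines()) if s and s.orphaned]


def still_present(before: str, after: str) -> list:
    """Orphaned services from `before` that are still listed in `after`."""
    keys = {(s.display, s.paren_name)
            for s in map(parse_o23, after.splitlines()) if s}
    return [s for s in orphaned(before) if (s.display, s.paren_name) in keys]


# Excerpt from the first log in the thread (11.12.2006).
BEFORE = r"""
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - GRISOFT, s.r.o. - (no file)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure HTTP Server (fshttps) - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\FSPC\fshttps\fshttps.exe (file missing)
"""

# Excerpt from the second log in the thread (12.12.2006).
AFTER = r"""
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - GRISOFT, s.r.o. - (no file)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\Anti-Virus\fsgk32st.exe (file missing)
"""

if __name__ == "__main__":
    for svc in still_present(BEFORE, AFTER):
        print("still registered:", svc.display, "/", svc.paren_name)
```
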


     
  4. Ynvi

    Ynvi Member

    Yeah, it still didn't start normally. Looks like I also messed up ticking the F-Secure entry. Add/Remove Programs didn't list F-Secure, McAfee or Norton's security software. Norton System Works is still there, though.

    The new log looks like this.

    Logfile of HijackThis v1.99.1
    Scan saved at 0:01:54, on 12.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finbytes.org/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Waretus\BitComet_059\BitComet\tools\BitCometBHO.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\Virtuaali_Asemat\DaemonTool\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Tietoturva_Suojaus_Judanssi\GIANT_AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [InCD] "D:\Program Files\Polttosoftat\Nero 7 Ultra Edition\Nero 7\InCD\InCD.exe"
    O4 - HKLM\..\Run: [GuruClock] "D:\Program Files\Emolevyn_Yms_Softat\Abit\GuruClock.exe"
    O4 - HKLM\..\Run: [ABIT uGuru] "D:\Program Files\Emolevyn_Yms_Softat\Abit\uGuru.exe"
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [AudioHQU] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinPatrol] "D:\Program Files\winpatrol.exe"
    O4 - HKLM\..\Run: [Spy Protector] H:\Program Files\Security Task Manager\SpyProtector.exe /autostart
    O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\Polttosoftat\Clone_CD\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Norton Ghost 9.0] "D:\Program Files\All_Around_Fixailuun\Norton System Works 2005 Premier\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [nTrayFw] D:\PROGRA~1\EMOLEV~1\NVIDIA~1\Ethernet\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Program Files\Emolevyn_Yms_Softat\nTune\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Tietoturva_Suojaus_Judanssi\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\TIETOT~1\AVG_Free\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "D:\Program Files\All_Around_Fixailuun\System Mechanic 5 Professional\System Mechanic 5 Professional\PopupStopper.exe"
    O4 - HKCU\..\Run: [ASUS SmartDoctor] D:\Program Files\All_Around_Fixailuun\ASUS_Smart_DoctorSmartDoctor.exe /start
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\Pakkaus\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download all links using BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\KIRJOI~1\Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\KIRJOI~1\Office\OFFICE11\REFIEBAR.DLL
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgemc.exe
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - GRISOFT, s.r.o. - (no file)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\Tietoturva_Suojaus_Judanssi\Ewido_Antispyware\ewido anti-spyware 4.0\guard.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\PROGRA~1\EMOLEV~1\NVIDIA~1\Ethernet\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\PROGRA~1\TIETOT~1\NVIDIA~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Polttosoftat\Nero 7 Ultra Edition\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\All_Around_Fixailuun\Norton System Works 2005 Premier\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\ALL_AR~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: ForceWare IP service (nSvcIp) - Symantec Corporation - (no file)
    O23 - Service: ForceWare user log service (nSvcLog) - Symantec Corporation - (no file)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\ALL_AR~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
     
    Last edited: 11.12.2006
  5. Hujo

    Hujo Guest

    Right-click the WinPatrol icon in the taskbar and choose Exit. The program will start again automatically at the next boot.


    let's take another look at that

    scan with HJT, check these and press Fix checked

    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
    O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - GRISOFT, s.r.o. - (no file)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\ALL_AR~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Start > Run, type services.msc > OK

    find these services there and set them to Stopped and Disabled, then click Apply; find all of them and only then press OK


    BackWeb Plug-in - 4476822
    ccEvtMgr
    FSGKHS
    NProtectService
    symlcsvc.exe

    so make sure that neither F-Secure nor Norton is enabled

    Delete the folders
    C:\Program Files\Common Files\Symantec Shared
    D:\PROGRA~1\ALL_AR~1\NORTON~1
    D:\Program Files\Tietoturva_Suojaus_Judanssi\F-Secure_2006
    Then try taking a new HJT log in normal mode
     
    Last edited by a moderator: 11.12.2006
  6. Ynvi

    Ynvi Member

    We're in safe mode, and the taskbar isn't showing. I didn't close WinPatrol, since according to Task Manager it wasn't running. The new log looks like this:

    Logfile of HijackThis v1.99.1
    Scan saved at 0:11:24, on 13.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HijackThis.exe
    C:\WINDOWS\winhlp32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finbytes.org/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Waretus\BitComet_059\BitComet\tools\BitCometBHO.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\Virtuaali_Asemat\DaemonTool\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Tietoturva_Suojaus_Judanssi\GIANT_AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [InCD] "D:\Program Files\Polttosoftat\Nero 7 Ultra Edition\Nero 7\InCD\InCD.exe"
    O4 - HKLM\..\Run: [GuruClock] "D:\Program Files\Emolevyn_Yms_Softat\Abit\GuruClock.exe"
    O4 - HKLM\..\Run: [ABIT uGuru] "D:\Program Files\Emolevyn_Yms_Softat\Abit\uGuru.exe"
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [AudioHQU] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinPatrol] "D:\Program Files\winpatrol.exe"
    O4 - HKLM\..\Run: [Spy Protector] H:\Program Files\Security Task Manager\SpyProtector.exe /autostart
    O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\Polttosoftat\Clone_CD\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Norton Ghost 9.0] "D:\Program Files\All_Around_Fixailuun\Norton System Works 2005 Premier\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [nTrayFw] D:\PROGRA~1\EMOLEV~1\NVIDIA~1\Ethernet\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Program Files\Emolevyn_Yms_Softat\nTune\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Tietoturva_Suojaus_Judanssi\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\TIETOT~1\AVG_Free\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "D:\Program Files\All_Around_Fixailuun\System Mechanic 5 Professional\System Mechanic 5 Professional\PopupStopper.exe"
    O4 - HKCU\..\Run: [ASUS SmartDoctor] D:\Program Files\All_Around_Fixailuun\ASUS_Smart_DoctorSmartDoctor.exe /start
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\Pakkaus\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download all links using BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\KIRJOI~1\Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\KIRJOI~1\Office\OFFICE11\REFIEBAR.DLL
    O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\Tietoturva_Suojaus_Judanssi\Ewido_Antispyware\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\PROGRA~1\EMOLEV~1\NVIDIA~1\Ethernet\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\PROGRA~1\TIETOT~1\NVIDIA~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Polttosoftat\Nero 7 Ultra Edition\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\All_Around_Fixailuun\Norton System Works 2005 Premier\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\ALL_AR~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: ForceWare IP service (nSvcIp) - Symantec Corporation - (no file)
    O23 - Service: ForceWare user log service (nSvcLog) - Symantec Corporation - (no file)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\ALL_AR~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

    I wonder what this is? "O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing" That probably explains the internet problems.

     
  7. Hujo

    Hujo Guest

    http://www.ctcn.net/~techweb/anti-virus/winsockfix.htm

    Try that and see if it helps with the internet problems.

    1. Download the combofix.exe file http://download.bleepingcomputer.com/sUBs/combofix.exe to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.


    Rename C:\Program Files\HijackThis.exe <-- to skanneri (the bomb picture)
     
    Last edited by a moderator: 12.12.2006
  8. Ynvi

    Ynvi Member

    Ok.

    Järjestelmänvalvoja - 06-12-13 16:49:59,09 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-13 to 2006-12-13 ))))))))))))))))))))))))))))))))))


    2006-12-13 01:11 <KANSIO> dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Recent
    2006-12-13 00:45 <KANSIO> d-------- C:\Kaspersky
    2006-12-11 23:48 <KANSIO> d-------- C:\Program Files\backups
    2006-12-11 17:02 19,456 --a------ C:\WINDOWS\system32\tcpsvcs.exe
    2006-12-11 16:54 92,672 --a------ C:\WINDOWS\system32\evntwin.exe
    2006-12-11 16:54 8,704 --a------ C:\WINDOWS\system32\snmptrap.exe
    2006-12-11 16:54 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll
    2006-12-11 16:54 39,936 --a------ C:\WINDOWS\system32\hostmib.dll
    2006-12-11 16:54 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
    2006-12-11 16:54 32,256 --a------ C:\WINDOWS\system32\snmp.exe
    2006-12-11 16:54 24,576 --a------ C:\WINDOWS\system32\evntcmd.exe
    2006-12-11 16:54 103,424 --a------ C:\WINDOWS\system32\evntagnt.dll
    2006-12-10 20:16 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\AVG7
    2006-12-10 20:14 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-12-10 20:14 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-12-10 20:14 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-12-10 20:14 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
    2006-12-10 20:14 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-12-10 20:14 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
    2006-12-10 20:14 <KANSIO> d-------- C:\Program Files\Grisoft
    2006-12-10 20:14 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2006-12-10 18:45 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
    2006-12-10 18:24 39,424 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
    2006-12-10 17:46 466,944 --a------ C:\WINDOWS\system32\CapabilityTable.exe
    2006-12-10 17:46 208,896 --------- C:\WINDOWS\system32\nvuide.exe
    2006-12-10 17:07 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
    2006-12-10 17:07 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe
    2006-12-10 17:07 101,888 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
    2006-12-10 13:14 101,888 --a------ C:\WINDOWS\system32\nvtcp.sys
    2006-12-09 00:01 18,944 --a------ C:\WINDOWS\system32\simptcp.dll
    2006-12-08 21:53 59,152 --a------ C:\WINDOWS\zllsputility.exe
    2006-12-08 21:16 41 --a------ C:\WINDOWS\system32\efcd0_g.dll
    2006-12-06 21:09 <KANSIO> d-------- C:\Program Files\Common Files\Softwin
    2006-12-03 21:42 <KANSIO> d-------- C:\WINDOWS\system32\mclsphlr
    2006-12-03 21:41 94,208 --------- C:\WINDOWS\system32\mclsp.dll
    2006-12-03 21:41 90,112 --------- C:\WINDOWS\system32\mcrtl32.dll
    2006-12-03 21:41 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
    2006-12-03 21:41 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
    2006-12-03 21:41 23,040 --a------ C:\WINDOWS\system32\psapi.dll
    2006-12-03 21:41 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
    2006-12-03 21:41 11,264 --------- C:\WINDOWS\system32\sporder.dll
    2006-12-03 20:54 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
    2006-12-03 20:54 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
    2006-11-28 00:53 <KANSIO> d-------- C:\Downloads
    2006-11-26 22:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2006-11-22 17:31 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\fretsonfire
    2006-11-21 00:56 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Simply Super Software
    2006-11-21 00:56 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TEMP


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-10 19:53 218112 --a------ C:\Program Files\skanneri
    2006-12-04 01:21 48768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2006-12-04 01:21 110952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2006-12-04 00:36 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
    2006-12-03 12:49 33726 --a------ C:\WINDOWS\system32\FlashMenu.sys
    2006-11-28 00:53 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
    2006-11-19 21:07 41 --a------ C:\WINDOWS\system32\dffdadc_g.dll
    2006-11-03 21:40 -------- d-------- C:\Program Files\AGEIA Technologies
    2006-11-01 18:30 1155072 --a------ C:\WINDOWS\system32\winsflt.dll
    2006-11-01 18:05 118842 --------- C:\WINDOWS\bwUnin-6.3.2.116-4476822L.exe
    2006-10-31 07:29 6912 --a------ C:\WINDOWS\nvoclock.sys
    2006-10-31 07:29 380928 --a------ C:\WINDOWS\ntuneoem.dll
    2006-10-31 07:27 28672 --a------ C:\WINDOWS\AutoTuneScript.dll
    2006-10-31 07:27 1622016 --a------ C:\WINDOWS\NVBenchMarks.dll
    2006-10-30 22:24 -------- d-------- C:\Program Files\My Company Name
    2006-10-13 14:37 65536 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-10-13 14:37 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-13 12:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
    2006-10-10 12:51 217088 --a------ C:\WINDOWS\NVGfxOgl.dll
    2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
    "System Mechanic Popup Stopper"="\"D:\\Program Files\\All_Around_Fixailuun\\System Mechanic 5 Professional\\System Mechanic 5 Professional\\PopupStopper.exe\""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
    "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "DAEMON Tools-1033"="\"D:\\Program Files\\Virtuaali_Asemat\\DaemonTool\\daemon.exe\" -lang 1033"
    "gcasServ"="\"D:\\Program Files\\Tietoturva_Suojaus_Judanssi\\GIANT_AntiSpyware\\gcasServ.exe\""
    "NeroFilterCheck"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe\""
    "InCD"="\"D:\\Program Files\\Polttosoftat\\Nero 7 Ultra Edition\\Nero 7\\InCD\\InCD.exe\""
    "GuruClock"="\"D:\\Program Files\\Emolevyn_Yms_Softat\\Abit\\GuruClock.exe\""
    "ABIT uGuru"="\"D:\\Program Files\\Emolevyn_Yms_Softat\\Abit\\uGuru.exe\""
    "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
    "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
    "type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
    "AudioHQU"="\"C:\\Program Files\\Creative\\SBLive\\AudioHQ\\AHQTBU.EXE\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe\""
    "tcactive"=""
    "tcmonitor"=""
    "WinPatrol"="\"D:\\Program Files\\winpatrol.exe\""
    "Spy Protector"="H:\\Program Files\\Security Task Manager\\SpyProtector.exe /autostart"
    "CloneCDTray"="\"D:\\Program Files\\Polttosoftat\\Clone_CD\\CloneCD\\CloneCDTray.exe\" /s"
    "Norton Ghost 9.0"="\"D:\\Program Files\\All_Around_Fixailuun\\Norton System Works 2005 Premier\\Norton Ghost\\Agent\\GhostTray.exe\""
    "NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "NvMediaCenter"="\"RunDLL32.exe\" NvMCTray.dll,NvTaskbarInit"
    "AGEIA PhysX SysTray"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
    "nTrayFw"="D:\\PROGRA~1\\EMOLEV~1\\NVIDIA~1\\Ethernet\\bin\\nTrayFw.exe"
    @=""
    "NVIDIA nTune"="\"D:\\Program Files\\Emolevyn_Yms_Softat\\nTune\\nTune\\nTuneCmd.exe\" clear"
    "Zone Labs Client"="\"D:\\Program Files\\Tietoturva_Suojaus_Judanssi\\ZoneAlarm\\zlclient.exe\""
    "AVG7_CC"="D:\\PROGRA~1\\TIETOT~1\\AVG_Free\\avgcc.exe /STARTUP"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
    "Spyware Doctor"="\"D:\\Program Files\\Tietoturva_Suojaus_Judanssi\\Spyware Doctor\\swdoctor.exe\" /Q"
    "AVG7_Run"="D:\\PROGRA~1\\TIETOT~1\\AVG_Free\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
    "Spyware Doctor"="\"D:\\Program Files\\Tietoturva_Suojaus_Judanssi\\Spyware Doctor\\swdoctor.exe\" /Q"
    "AVG7_Run"="D:\\PROGRA~1\\TIETOT~1\\AVG_Free\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="GIANT AntiSpyware Service Hook"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:5f,00,00,00
    "ClearRecentDocsOnExit"=dword:00000001
    "NoRecentDocsMenu"=dword:00000001
    "NoDrives"=dword:00000000
    "NoViewOnDrive"=dword:00000000
    "NoRecentDocsHistory"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    @=""
    "NoDriveTypeAutoRun"=hex:5f,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "VSSERV"=dword:00000002
    "bdss"=dword:00000002
    "LIVESRV"=dword:00000002
    "XCOMM"=dword:00000002
    "iPodService"=dword:00000003
    "McShield"=dword:00000002
    "McDetect.exe"=dword:00000002
    "McTskshd.exe"=dword:00000002
    "mcupdmgr.exe"=dword:00000003
    "MpfService"=dword:00000002
    "McAfee AntiSpyware Service"=dword:00000002

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-12-13 16:50:25.98
    C:\ComboFix.txt ... 06-12-13 16:50
     
  9. Hujo

    Hujo Guest

    Post the HJT log.
     
  10. Ynvi

    Ynvi Member

    OK. I'm a bit puzzled how the heck Symantec Corporation is linked to nVidia's ForceWare.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:31:00, on 13.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finbytes.org/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Waretus\BitComet_059\BitComet\tools\BitCometBHO.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\Virtuaali_Asemat\DaemonTool\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Tietoturva_Suojaus_Judanssi\GIANT_AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [InCD] "D:\Program Files\Polttosoftat\Nero 7 Ultra Edition\Nero 7\InCD\InCD.exe"
    O4 - HKLM\..\Run: [GuruClock] "D:\Program Files\Emolevyn_Yms_Softat\Abit\GuruClock.exe"
    O4 - HKLM\..\Run: [ABIT uGuru] "D:\Program Files\Emolevyn_Yms_Softat\Abit\uGuru.exe"
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [AudioHQU] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinPatrol] "D:\Program Files\winpatrol.exe"
    O4 - HKLM\..\Run: [Spy Protector] H:\Program Files\Security Task Manager\SpyProtector.exe /autostart
    O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\Polttosoftat\Clone_CD\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Norton Ghost 9.0] "D:\Program Files\All_Around_Fixailuun\Norton System Works 2005 Premier\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [nTrayFw] D:\PROGRA~1\EMOLEV~1\NVIDIA~1\Ethernet\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Program Files\Emolevyn_Yms_Softat\nTune\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Tietoturva_Suojaus_Judanssi\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\TIETOT~1\AVG_Free\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "D:\Program Files\All_Around_Fixailuun\System Mechanic 5 Professional\System Mechanic 5 Professional\PopupStopper.exe"
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\Pakkaus\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download all links using BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\KIRJOI~1\Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\KIRJOI~1\Office\OFFICE11\REFIEBAR.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\Tietoturva_Suojaus_Judanssi\Ewido_Antispyware\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\PROGRA~1\EMOLEV~1\NVIDIA~1\Ethernet\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\PROGRA~1\TIETOT~1\NVIDIA~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Polttosoftat\Nero 7 Ultra Edition\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\All_Around_Fixailuun\Norton System Works 2005 Premier\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\ALL_AR~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: ForceWare IP service (nSvcIp) - Symantec Corporation - (no file)
    O23 - Service: ForceWare user log service (nSvcLog) - Symantec Corporation - (no file)

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\ALL_AR~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
     
    Last edited: 13.12.2006
  11. Hujo

    Hujo Guest

    I was just looking at the same thing.

    Scan with HJT, tick these and press Fix checked:

    O23 - Service: ForceWare IP service (nSvcIp) - Symantec Corporation - (no file)
    O23 - Service: ForceWare user log service (nSvcLog) - Symantec Corporation - (no file)


    Start > Run, type the lines below, and press OK after each line:

    sc stop nSvcIp
    sc delete nSvcIp
    sc stop nSvcLog
    sc delete nSvcLog

    Take a look at this link: Link
    Let's use it to remove all of Norton completely.

    The quote shows how this machine has the same entry.

    Then post a new HJT log.
     
    Last edited by a moderator: 13.12.2006
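
The before/after check behind the request for a new log, as an added example that is not part of the original thread: it parses the O23 lines of two HijackThis logs, lists services whose image is reported as `(no file)` or `(file missing)`, and diffs the two scans. The function names are hypothetical, and treating a display name without a parenthesised suffix as the service name is an assumption.

```python
import re

# O23 line layout in the HijackThis 1.99.1 logs posted in this thread:
#   O23 - Service: <display name> [(<service name>)] - <company> - <image path or marker>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<company>.+?) - (?P<image>.+)$"
)
SHORT_NAME_RE = re.compile(r"\((?P<name>[^()\s]+)\)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpts copied from the 18:31 (before) and 23:13 (after) logs in the thread.
BEFORE = r"""
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\PROGRA~1\TIETOT~1\NVIDIA~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: ForceWare IP service (nSvcIp) - Symantec Corporation - (no file)
O23 - Service: ForceWare user log service (nSvcLog) - Symantec Corporation - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

AFTER = r"""
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\PROGRA~1\TIETOT~1\NVIDIA~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_o23(log_text):
    """Return {service name: record} for every O23 line in a HijackThis log."""
    services = {}
    for raw in log_text.splitlines():
        match = O23_RE.match(raw.strip())
        if not match:
            continue  # not an O23 entry (R0, O4, blank line, ...)
        display = match.group("display")
        short = SHORT_NAME_RE.search(display)
        if short:
            name = short.group("name")
            display = display[: short.start()].rstrip()
        else:
            # Assumption: with no "(name)" suffix the display name is the key.
            name = display
        image = match.group("image")
        services[name] = {
            "display": display,
            "company": match.group("company"),
            "image": image,
            # HijackThis appends one of these markers when the binary is absent.
            "orphaned": image.endswith(ORPHAN_MARKERS),
        }
    return services


def orphaned(services):
    """Service names whose registered image HijackThis could not find."""
    return sorted(name for name, rec in services.items() if rec["orphaned"])


def compare(before, after):
    """Diff two parsed scans to confirm what a cleanup step actually changed."""
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "still_orphaned": orphaned(after),
    }


if __name__ == "__main__":
    first, second = parse_o23(BEFORE), parse_o23(AFTER)
    print("orphaned before:", orphaned(first))
    for key, names in compare(first, second).items():
        print(f"{key}: {names}")
```

On these excerpts the diff confirms that nSvcIp and nSvcLog are gone from the later scan, while the ForcewareWebInterface entry is still reported as `(file missing)`.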
  12. Ynvi

    Ynvi Member

    Yeah, there's a scarily large amount in common. The new log looks like this:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:13:28, on 13.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\skanneri.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finbytes.org/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Waretus\BitComet_059\BitComet\tools\BitCometBHO.dll
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\Virtuaali_Asemat\DaemonTool\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Tietoturva_Suojaus_Judanssi\GIANT_AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [InCD] "D:\Program Files\Polttosoftat\Nero 7 Ultra Edition\Nero 7\InCD\InCD.exe"
    O4 - HKLM\..\Run: [GuruClock] "D:\Program Files\Emolevyn_Yms_Softat\Abit\GuruClock.exe"
    O4 - HKLM\..\Run: [ABIT uGuru] "D:\Program Files\Emolevyn_Yms_Softat\Abit\uGuru.exe"
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [AudioHQU] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinPatrol] "D:\Program Files\winpatrol.exe"
    O4 - HKLM\..\Run: [Spy Protector] H:\Program Files\Security Task Manager\SpyProtector.exe /autostart
    O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\Polttosoftat\Clone_CD\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Norton Ghost 9.0] "D:\Program Files\All_Around_Fixailuun\Norton System Works 2005 Premier\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [nTrayFw] D:\PROGRA~1\EMOLEV~1\NVIDIA~1\Ethernet\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Program Files\Emolevyn_Yms_Softat\nTune\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Tietoturva_Suojaus_Judanssi\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\TIETOT~1\AVG_Free\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "D:\Program Files\All_Around_Fixailuun\System Mechanic 5 Professional\System Mechanic 5 Professional\PopupStopper.exe"
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\Pakkaus\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download all links using BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://H:\Waretus\BitComet_059\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\PROGRA~1\KIRJOI~1\Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\KIRJOI~1\Office\OFFICE11\REFIEBAR.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\TIETOT~1\AVG_Free\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\Tietoturva_Suojaus_Judanssi\Ewido_Antispyware\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\PROGRA~1\EMOLEV~1\NVIDIA~1\Ethernet\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\PROGRA~1\TIETOT~1\NVIDIA~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Polttosoftat\Nero 7 Ultra Edition\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\All_Around_Fixailuun\Norton System Works 2005 Premier\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\ALL_AR~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\ALL_AR~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

     