Logi

Siellä ois kaks piilotiedostoo oottamassa Virustorjunnassa.
Onneks ne on molemmat win 98 helpompi poistaa.

Juu kirjoitti:

Siellä ois kaks piilotiedostoo oottamassa Virustorjunnassa.
Onneks ne on molemmat win 98 helpompi poistaa.

Vai niin...ehdin kuitenkin aloittaa Juun ohjeiden mukaan ja tässä on uusi logi. Vikasietotilaan en päässyt F-kasilla, mistähän se johtuu?

Logfile of HijackThis v1.99.1
Scan saved at 17:35:59, on 20.2.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dnainternet.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service -turvapalvelu (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Katti kirjoitti:

Vai niin...ehdin kuitenkin aloittaa Juun ohjeiden mukaan ja tässä on uusi logi. Vikasietotilaan en päässyt F-kasilla, mistähän se johtuu?

Logfile of HijackThis v1.99.1
Scan saved at 17:35:59, on 20.2.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dnainternet.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service -turvapalvelu (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Lue lisää

Mitähän noista linkeistä pitäisi tapahtua....?
Hijackthis uninstall-list:

Ad-aware 6 Personal
Adobe Reader 6.0.1
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Athlon 64 Processor Driver
Broadcom 802.11 Driver
CC_ccStart
ccCommon
EliteBar Internet Explorer Toolbar
Golden Retriever Cash Back
HijackThis 1.99.1
InterVideo WinDVD
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Media-motor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Finnish Language Pack
Microsoft Office 2000 Premium
Microsoft Picture It! 2000
Microsoft Word 2000
Microsoft Word 2002
Microsoft Works 2000
Microsoft Works 2000 Osien valitseminen
Mozilla Firefox (1.0)
Mozilla Thunderbird (1.0)
MSN Messenger 6.2
MSN Työkalupalkki
MSRedist
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton WMI Update
NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers
Outlook Express Q837009
PCI 1620 Cardbus Controller and Software
Quick Launch Buttons 4.20 E1
QuickTime
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
RecordNow!
Sonic Update Manager
SoundMAX
Sygate Personal Firewall Pro
Symantec Script Blocking Installer
SymNet
Uninstall 180search Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891711
Windows XP Hotfix - KB891781
Windows XP Hotfix (SP2) q329623
Windows XP Hotfix (SP2) q330512
Windows XP Hotfix (SP2) Q811114
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817357
Windows XP Hotfix (SP2) Q819696
Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q331958]
Windows XP Hotfix- KB810217
Windows XP Hotfix- KB822603
Windows XP Hotfix- KB822827
Windows XP Hotfix- KB823182
Windows XP Hotfix- KB824105
Windows XP Hotfix- KB824141
Windows XP Hotfix- KB825119
Windows XP Hotfix- KB826939
Windows XP Hotfix- KB826942
Windows XP Hotfix- KB828028
Windows XP Hotfix- KB828035
Windows XP Hotfix- KB828741
Windows XP Hotfix- KB833407
Windows XP Hotfix- KB833987
Windows XP Hotfix- KB835732
Windows XP Hotfix- KB837001
Windows XP Hotfix- KB842773
Word in Works Suite -apuohjelma

Katti kirjoitti:

Vai niin...ehdin kuitenkin aloittaa Juun ohjeiden mukaan ja tässä on uusi logi. Vikasietotilaan en päässyt F-kasilla, mistähän se johtuu?

Logfile of HijackThis v1.99.1
Scan saved at 17:35:59, on 20.2.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dnainternet.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service -turvapalvelu (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Lue lisää

Merkkaa ja FIX:saa

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe

Poista sen jälkeen jos löytyy

elitebda32.exe


> Vikasietotilaan en päässyt F-kasilla, mistähän se johtuu? <

En tiiä

Pistä tänne ne Ad-Awaren mainitsemat listat,niissä voi olla poistettavaa.

Katti kirjoitti:

Mitähän noista linkeistä pitäisi tapahtua....?
Hijackthis uninstall-list:

Ad-aware 6 Personal
Adobe Reader 6.0.1
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Athlon 64 Processor Driver
Broadcom 802.11 Driver
CC_ccStart
ccCommon
EliteBar Internet Explorer Toolbar
Golden Retriever Cash Back
HijackThis 1.99.1
InterVideo WinDVD
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Media-motor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Finnish Language Pack
Microsoft Office 2000 Premium
Microsoft Picture It! 2000
Microsoft Word 2000
Microsoft Word 2002
Microsoft Works 2000
Microsoft Works 2000 Osien valitseminen
Mozilla Firefox (1.0)
Mozilla Thunderbird (1.0)
MSN Messenger 6.2
MSN Työkalupalkki
MSRedist
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton WMI Update
NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers
Outlook Express Q837009
PCI 1620 Cardbus Controller and Software
Quick Launch Buttons 4.20 E1
QuickTime
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
RecordNow!
Sonic Update Manager
SoundMAX
Sygate Personal Firewall Pro
Symantec Script Blocking Installer
SymNet
Uninstall 180search Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891711
Windows XP Hotfix - KB891781
Windows XP Hotfix (SP2) q329623
Windows XP Hotfix (SP2) q330512
Windows XP Hotfix (SP2) Q811114
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817357
Windows XP Hotfix (SP2) Q819696
Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q331958]
Windows XP Hotfix- KB810217
Windows XP Hotfix- KB822603
Windows XP Hotfix- KB822827
Windows XP Hotfix- KB823182
Windows XP Hotfix- KB824105
Windows XP Hotfix- KB824141
Windows XP Hotfix- KB825119
Windows XP Hotfix- KB826939
Windows XP Hotfix- KB826942
Windows XP Hotfix- KB828028
Windows XP Hotfix- KB828035
Windows XP Hotfix- KB828741
Windows XP Hotfix- KB833407
Windows XP Hotfix- KB833987
Windows XP Hotfix- KB835732
Windows XP Hotfix- KB837001
Windows XP Hotfix- KB842773
Word in Works Suite -apuohjelma

Lue lisää

Poista nuo

Ad-aware 6 Personal
EliteBar Internet Explorer Toolbar
Golden Retriever Cash Back
Uninstall 180search Assistant
Media-motor


> Mitähän noista linkeistä pitäisi tapahtua....? <

Sielähän on ohjeet linkissä

Juu kirjoitti:

Merkkaa ja FIX:saa

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe

Poista sen jälkeen jos löytyy

elitebda32.exe


> Vikasietotilaan en päässyt F-kasilla, mistähän se johtuu? <

En tiiä

Pistä tänne ne Ad-Awaren mainitsemat listat,niissä voi olla poistettavaa.

Lue lisää

elitebda32.exe ei löydy.

Fixaaminen ei auta

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe

Juu kirjoitti:

Poista nuo

Ad-aware 6 Personal
EliteBar Internet Explorer Toolbar
Golden Retriever Cash Back
Uninstall 180search Assistant
Media-motor


> Mitähän noista linkeistä pitäisi tapahtua....? <

Sielähän on ohjeet linkissä

Lue lisää

Golden Retriever Cash Back

ei poistu windowsin lisää/poista sovellus -toiminnon avulla.

EliteBar Internet Explorer Toolbar

ei löydy listasta.

Voiko Hijackthis ohjelmalla poistaa nuo?

Katti kirjoitti:

elitebda32.exe ei löydy.

Fixaaminen ei auta

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe

No jos et saa konetta vikasietotilaan niin koita näin.

Avaa Hijackki
paina Config..
paina Misc Tools
paina Delete a file on reboot

Sitte kopio ja liitä tuo sinne

C:\windows\system32\elitebda32.exe

Avaa se sinne ja käynnistä kone uudestaan ja kato jos se on poissa.

Katti kirjoitti:

Golden Retriever Cash Back

ei poistu windowsin lisää/poista sovellus -toiminnon avulla.

EliteBar Internet Explorer Toolbar

ei löydy listasta.

Voiko Hijackthis ohjelmalla poistaa nuo?

Lue lisää

> Golden Retriever Cash Back
ei poistu windowsin lisää/poista sovellus -toiminnon avulla <

Meinasin sanoo,että kokeile poistaa vikasietotilassa...heh

> EliteBar Internet Explorer Toolbar
ei löydy listasta. <

Hyvä niin

> Voiko Hijackthis ohjelmalla poistaa nuo? <

Onhan siellä se Delete this entry

Juu kirjoitti:

No jos et saa konetta vikasietotilaan niin koita näin.

Avaa Hijackki
paina Config..
paina Misc Tools
paina Delete a file on reboot

Sitte kopio ja liitä tuo sinne

C:\windows\system32\elitebda32.exe

Avaa se sinne ja käynnistä kone uudestaan ja kato jos se on poissa.

Lue lisää

Ei lähtenyt, mutta käynnistyksen yhteydessä 1 popup vähemmän.

Logfile of HijackThis v1.99.1
Scan saved at 18:46:51, on 20.2.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dnainternet.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service -turvapalvelu (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Nyt kun tajusin ne linkit, niiden listat:

?¡?¡?¡?@’Ê?íƒtƒ@ƒCƒ‹ ?¡?¡?¡

Asemalla C ei ole nime„.
Aseman sarjanumero on C0F9-738D

Kansio c:\Program Files

20.02.2005 18:43 .
20.02.2005 18:43 ..
13.02.2005 23:15 Adobe
04.02.2005 21:59 AMD
04.02.2005 21:56 Analog Devices
04.02.2005 21:58 Apoint2K
20.02.2005 18:43 Common Files
04.02.2005 21:02 ComPlus Applications
20.02.2005 18:46 HijackThis
13.02.2005 15:21 HPQ
09.02.2005 00:39 imGiant
11.02.2005 21:58 Internet Explorer
13.02.2005 15:23 InterVideo
04.02.2005 22:15 iPod
04.02.2005 22:15 iTunes
04.02.2005 22:08 Java
10.02.2005 19:43 Lavasoft
09.02.2005 16:28 Messenger
19.02.2005 23:50 microsoft frontpage
19.02.2005 23:51 Microsoft Office
13.02.2005 17:18 Microsoft Visual Studio
13.02.2005 17:21 Microsoft Works
13.02.2005 17:03 Microsoft Works Suite 2000
13.02.2005 23:15 Movie Maker
19.02.2005 17:43 Mozilla Firefox
20.02.2005 01:57 Mozilla Thunderbird
12.02.2005 16:01 MSN
15.02.2005 17:11 MSN Apps
04.02.2005 21:02 MSN Gaming Zone
19.02.2005 22:33 MSN Messenger
11.02.2005 21:35 NetMeeting
09.02.2005 23:28 Norton AntiVirus
13.02.2005 16:34 OfficeUpdate11
04.02.2005 21:05 Online Services
19.02.2005 16:01 Outlook Express
09.02.2005 00:40 Power Scan
04.02.2005 22:15 QuickTime
04.02.2005 22:07 RecordNow!
13.02.2005 13:27 SideFind
04.02.2005 22:07 Sonic
17.02.2005 19:57 Sygate
09.02.2005 23:26 Symantec
09.02.2005 23:26 SymNetDrv
20.02.2005 16:53 Windows FormatAd
19.02.2005 16:58 Windows Media Player
20.02.2005 15:39 Windows NT
04.02.2005 21:06 xerox
0 tiedosto(a) 0 tavua
47 kansio(ta) 50ÿ842ÿ525ÿ696 tavua vapaana

?¡?¡?¡?@ƒVƒXƒeƒ€ƒtƒ@ƒCƒ‹?@?¡?¡?¡

Asemalla C ei ole nime„.
Aseman sarjanumero on C0F9-738D

Kansio c:\Program Files


?¡?¡?¡?@‰B‚µƒtƒ@ƒCƒ‹?@?¡?¡?¡

Asemalla C ei ole nime„.
Aseman sarjanumero on C0F9-738D

Kansio c:\Program Files

04.02.2005 22:26 InstallShield Installation Information
11.02.2005 21:33 Uninstall Information
09.02.2005 23:38 WindowsUpdate
0 tiedosto(a) 0 tavua
3 kansio(ta) 50ÿ842ÿ525ÿ696 tavua vapaana


Ja se toinen


---------- UNINSTALLPROGRAMLIST
"DisplayName"="Golden Retriever Cash Back"
"DisplayName"="Agere Systems AC'97 Modem"
"DisplayName"="Broadcom 802.11 Driver"
"DisplayName"="EliteBar Internet Explorer Toolbar"
"DisplayName"="HijackThis 1.99.1"
"DisplayName"="iTunes"
"DisplayName"="PCI 1620 Cardbus Controller and Software"
"DisplayName"="Windows XP Hotfix- KB810217"
"DisplayName"="Windows XP Hotfix- KB822603"
"DisplayName"="Windows XP Hotfix- KB822827"
"DisplayName"="Windows XP Hotfix- KB823182"
"DisplayName"="Windows XP Hotfix- KB824105"
"DisplayName"="Windows XP Hotfix- KB824141"
"DisplayName"="Windows XP Hotfix- KB825119"
"DisplayName"="Windows XP Hotfix- KB826939"
"DisplayName"="Windows XP Hotfix- KB826942"
"DisplayName"="Windows XP Hotfix- KB828028"
"DisplayName"="Windows XP Hotfix- KB828035"
"DisplayName"="Windows XP Hotfix- KB828741"
"DisplayName"="Windows XP Hotfix- KB833407"
"DisplayName"="Windows XP Hotfix- KB833987"
"DisplayName"="Windows XP Hotfix- KB835732"
"DisplayName"="Windows XP Hotfix- KB837001"
"DisplayName"="Windows XP Hotfix - KB840987"
"DisplayName"="Windows XP Hotfix - KB841356"
"DisplayName"="Windows XP Hotfix - KB841533"
"DisplayName"="Windows XP Hotfix- KB842773"
"DisplayName"="Windows XP Hotfix - KB867282"
"DisplayName"="Windows XP Hotfix - KB871250"
"DisplayName"="Windows XP Hotfix - KB873333"
"DisplayName"="Windows XP Hotfix - KB873339"
"DisplayName"="Windows XP Hotfix - KB873376"
"DisplayName"="Windows XP Hotfix - KB885250"
"DisplayName"="Windows XP Hotfix - KB885835"
"DisplayName"="Windows XP Hotfix - KB885836"
"DisplayName"="Windows XP Hotfix - KB888113"
"DisplayName"="Windows XP Hotfix - KB888302"
"DisplayName"="Windows XP Hotfix - KB890047"
"DisplayName"="Windows XP Hotfix - KB890175"
"DisplayName"="Windows XP Hotfix - KB891711"
"DisplayName"="Windows XP Hotfix - KB891781"
"DisplayName"="LiveReg (Symantec Corporation)"
"DisplayName"="LiveUpdate 2.5 (Symantec Corporation)"
"DisplayName"="Mozilla Firefox (1.0)"
"DisplayName"="Mozilla Thunderbird (1.0)"
"DisplayName"="MSN Työkalupalkki"
"DisplayName"="NVIDIA Windows 2000/XP Display Drivers"
"DisplayName"="NVIDIA nForce Drivers"
"DisplayName"="Outlook Express Q837009"
"DisplayName"="Windows XP Hotfix (SP2) q329623"
"DisplayName"="Windows XP Hotfix (SP2) q330512"
"DisplayName"="Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q331958]"
"DisplayName"="Windows XP Hotfix (SP2) Q811114"
"DisplayName"="Windows XP Hotfix (SP2) Q814995"
"DisplayName"="Windows XP Hotfix (SP2) Q815485"
"DisplayName"="Windows XP Hotfix (SP2) Q817357"
"DisplayName"="Windows XP Hotfix (SP2) Q819696"
"DisplayName"="QuickTime"
"DisplayName"="Norton AntiVirus 2004 (Symantec Corporation)"
"DisplayName"="Windows Media Format Runtime"
"DisplayName"="Windows Media Player 10"
"DisplayName"="Microsoft Works 2000 Osien valitseminen"
"DisplayName"="Microsoft Office 2000 Premium"
"DisplayName"="Microsoft Word 2000"
"DisplayName"="Sonic Update Manager"
"DisplayName"="Norton WMI Update"
"DisplayName"="WebFldrs XP"
"DisplayName"="Microsoft .NET Framework 1.1 Finnish Language Pack"
"DisplayName"="Java 2 Runtime Environment, SE v1.4.2_03"
"DisplayName"="Symantec Network Drivers Update"
"DisplayName"="Microsoft Word 2002"
"DisplayName"="RecordNow!"
"DisplayName"="iTunes"
"DisplayName"="TI1620/1520"
"DisplayName"="Realtek RTL8139/810x Fast Ethernet NIC Driver Setup"
"DisplayName"="InterVideo WinDVD"
"DisplayName"="ALPS Touch Pad Driver"
"DisplayName"="Word in Works Suite -apuohjelma"
"DisplayName"="MSN Messenger 6.2"
"DisplayName"="Adobe Reader 6.0.1"
"DisplayName"="Sygate Personal Firewall Pro"
"DisplayName"="Athlon 64 Processor Driver"
"DisplayName"="Norton AntiVirus 2004"
"DisplayName"="Microsoft .NET Framework 1.1"
"DisplayName"="Quick Launch Buttons 4.20 E1"
"DisplayName"="Symantec Script Blocking Installer"
"DisplayName"="CC_ccStart"
"DisplayName"="ccCommon"
"DisplayName"="SymNet"
"DisplayName"="Norton AntiVirus Parent MSI"
"DisplayName"="Microsoft Picture It! 2000"
"DisplayName"="SoundMAX"
"DisplayName"="Microsoft Works 2000"
"DisplayName"="MSRedist"


Kaiken kaikkiaan näiden kikkailujen aikana käynnissä olevien prosessien määrä on tehtävienhallinan mukaan pudonnut 51:stä 42:een. Viime uudelleenkäynnistyksen jälkeen ei yhtään popupia. Suurkiitos tähänastisista neuvoista.

Juu kirjoitti:

> Golden Retriever Cash Back
ei poistu windowsin lisää/poista sovellus -toiminnon avulla <

Meinasin sanoo,että kokeile poistaa vikasietotilassa...heh

> EliteBar Internet Explorer Toolbar
ei löydy listasta. <

Hyvä niin

> Voiko Hijackthis ohjelmalla poistaa nuo? <

Onhan siellä se Delete this entry

Lue lisää

Delete this entryä voi siis huoletta käyttää?

Golden retriever väittää poistuvanse rebootin jälkeen, mutta tut se mihinkään poistuu...

Katti kirjoitti:

Ei lähtenyt, mutta käynnistyksen yhteydessä 1 popup vähemmän.

Logfile of HijackThis v1.99.1
Scan saved at 18:46:51, on 20.2.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dnainternet.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service -turvapalvelu (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Nyt kun tajusin ne linkit, niiden listat:

?¡?¡?¡?@’Ê?íƒtƒ@ƒCƒ‹ ?¡?¡?¡

Asemalla C ei ole nime„.
Aseman sarjanumero on C0F9-738D

Kansio c:\Program Files

20.02.2005 18:43 .
20.02.2005 18:43 ..
13.02.2005 23:15 Adobe
04.02.2005 21:59 AMD
04.02.2005 21:56 Analog Devices
04.02.2005 21:58 Apoint2K
20.02.2005 18:43 Common Files
04.02.2005 21:02 ComPlus Applications
20.02.2005 18:46 HijackThis
13.02.2005 15:21 HPQ
09.02.2005 00:39 imGiant
11.02.2005 21:58 Internet Explorer
13.02.2005 15:23 InterVideo
04.02.2005 22:15 iPod
04.02.2005 22:15 iTunes
04.02.2005 22:08 Java
10.02.2005 19:43 Lavasoft
09.02.2005 16:28 Messenger
19.02.2005 23:50 microsoft frontpage
19.02.2005 23:51 Microsoft Office
13.02.2005 17:18 Microsoft Visual Studio
13.02.2005 17:21 Microsoft Works
13.02.2005 17:03 Microsoft Works Suite 2000
13.02.2005 23:15 Movie Maker
19.02.2005 17:43 Mozilla Firefox
20.02.2005 01:57 Mozilla Thunderbird
12.02.2005 16:01 MSN
15.02.2005 17:11 MSN Apps
04.02.2005 21:02 MSN Gaming Zone
19.02.2005 22:33 MSN Messenger
11.02.2005 21:35 NetMeeting
09.02.2005 23:28 Norton AntiVirus
13.02.2005 16:34 OfficeUpdate11
04.02.2005 21:05 Online Services
19.02.2005 16:01 Outlook Express
09.02.2005 00:40 Power Scan
04.02.2005 22:15 QuickTime
04.02.2005 22:07 RecordNow!
13.02.2005 13:27 SideFind
04.02.2005 22:07 Sonic
17.02.2005 19:57 Sygate
09.02.2005 23:26 Symantec
09.02.2005 23:26 SymNetDrv
20.02.2005 16:53 Windows FormatAd
19.02.2005 16:58 Windows Media Player
20.02.2005 15:39 Windows NT
04.02.2005 21:06 xerox
0 tiedosto(a) 0 tavua
47 kansio(ta) 50ÿ842ÿ525ÿ696 tavua vapaana

?¡?¡?¡?@ƒVƒXƒeƒ€ƒtƒ@ƒCƒ‹?@?¡?¡?¡

Asemalla C ei ole nime„.
Aseman sarjanumero on C0F9-738D

Kansio c:\Program Files


?¡?¡?¡?@‰B‚µƒtƒ@ƒCƒ‹?@?¡?¡?¡

Asemalla C ei ole nime„.
Aseman sarjanumero on C0F9-738D

Kansio c:\Program Files

04.02.2005 22:26 InstallShield Installation Information
11.02.2005 21:33 Uninstall Information
09.02.2005 23:38 WindowsUpdate
0 tiedosto(a) 0 tavua
3 kansio(ta) 50ÿ842ÿ525ÿ696 tavua vapaana


Ja se toinen


---------- UNINSTALLPROGRAMLIST
"DisplayName"="Golden Retriever Cash Back"
"DisplayName"="Agere Systems AC'97 Modem"
"DisplayName"="Broadcom 802.11 Driver"
"DisplayName"="EliteBar Internet Explorer Toolbar"
"DisplayName"="HijackThis 1.99.1"
"DisplayName"="iTunes"
"DisplayName"="PCI 1620 Cardbus Controller and Software"
"DisplayName"="Windows XP Hotfix- KB810217"
"DisplayName"="Windows XP Hotfix- KB822603"
"DisplayName"="Windows XP Hotfix- KB822827"
"DisplayName"="Windows XP Hotfix- KB823182"
"DisplayName"="Windows XP Hotfix- KB824105"
"DisplayName"="Windows XP Hotfix- KB824141"
"DisplayName"="Windows XP Hotfix- KB825119"
"DisplayName"="Windows XP Hotfix- KB826939"
"DisplayName"="Windows XP Hotfix- KB826942"
"DisplayName"="Windows XP Hotfix- KB828028"
"DisplayName"="Windows XP Hotfix- KB828035"
"DisplayName"="Windows XP Hotfix- KB828741"
"DisplayName"="Windows XP Hotfix- KB833407"
"DisplayName"="Windows XP Hotfix- KB833987"
"DisplayName"="Windows XP Hotfix- KB835732"
"DisplayName"="Windows XP Hotfix- KB837001"
"DisplayName"="Windows XP Hotfix - KB840987"
"DisplayName"="Windows XP Hotfix - KB841356"
"DisplayName"="Windows XP Hotfix - KB841533"
"DisplayName"="Windows XP Hotfix- KB842773"
"DisplayName"="Windows XP Hotfix - KB867282"
"DisplayName"="Windows XP Hotfix - KB871250"
"DisplayName"="Windows XP Hotfix - KB873333"
"DisplayName"="Windows XP Hotfix - KB873339"
"DisplayName"="Windows XP Hotfix - KB873376"
"DisplayName"="Windows XP Hotfix - KB885250"
"DisplayName"="Windows XP Hotfix - KB885835"
"DisplayName"="Windows XP Hotfix - KB885836"
"DisplayName"="Windows XP Hotfix - KB888113"
"DisplayName"="Windows XP Hotfix - KB888302"
"DisplayName"="Windows XP Hotfix - KB890047"
"DisplayName"="Windows XP Hotfix - KB890175"
"DisplayName"="Windows XP Hotfix - KB891711"
"DisplayName"="Windows XP Hotfix - KB891781"
"DisplayName"="LiveReg (Symantec Corporation)"
"DisplayName"="LiveUpdate 2.5 (Symantec Corporation)"
"DisplayName"="Mozilla Firefox (1.0)"
"DisplayName"="Mozilla Thunderbird (1.0)"
"DisplayName"="MSN Työkalupalkki"
"DisplayName"="NVIDIA Windows 2000/XP Display Drivers"
"DisplayName"="NVIDIA nForce Drivers"
"DisplayName"="Outlook Express Q837009"
"DisplayName"="Windows XP Hotfix (SP2) q329623"
"DisplayName"="Windows XP Hotfix (SP2) q330512"
"DisplayName"="Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q331958]"
"DisplayName"="Windows XP Hotfix (SP2) Q811114"
"DisplayName"="Windows XP Hotfix (SP2) Q814995"
"DisplayName"="Windows XP Hotfix (SP2) Q815485"
"DisplayName"="Windows XP Hotfix (SP2) Q817357"
"DisplayName"="Windows XP Hotfix (SP2) Q819696"
"DisplayName"="QuickTime"
"DisplayName"="Norton AntiVirus 2004 (Symantec Corporation)"
"DisplayName"="Windows Media Format Runtime"
"DisplayName"="Windows Media Player 10"
"DisplayName"="Microsoft Works 2000 Osien valitseminen"
"DisplayName"="Microsoft Office 2000 Premium"
"DisplayName"="Microsoft Word 2000"
"DisplayName"="Sonic Update Manager"
"DisplayName"="Norton WMI Update"
"DisplayName"="WebFldrs XP"
"DisplayName"="Microsoft .NET Framework 1.1 Finnish Language Pack"
"DisplayName"="Java 2 Runtime Environment, SE v1.4.2_03"
"DisplayName"="Symantec Network Drivers Update"
"DisplayName"="Microsoft Word 2002"
"DisplayName"="RecordNow!"
"DisplayName"="iTunes"
"DisplayName"="TI1620/1520"
"DisplayName"="Realtek RTL8139/810x Fast Ethernet NIC Driver Setup"
"DisplayName"="InterVideo WinDVD"
"DisplayName"="ALPS Touch Pad Driver"
"DisplayName"="Word in Works Suite -apuohjelma"
"DisplayName"="MSN Messenger 6.2"
"DisplayName"="Adobe Reader 6.0.1"
"DisplayName"="Sygate Personal Firewall Pro"
"DisplayName"="Athlon 64 Processor Driver"
"DisplayName"="Norton AntiVirus 2004"
"DisplayName"="Microsoft .NET Framework 1.1"
"DisplayName"="Quick Launch Buttons 4.20 E1"
"DisplayName"="Symantec Script Blocking Installer"
"DisplayName"="CC_ccStart"
"DisplayName"="ccCommon"
"DisplayName"="SymNet"
"DisplayName"="Norton AntiVirus Parent MSI"
"DisplayName"="Microsoft Picture It! 2000"
"DisplayName"="SoundMAX"
"DisplayName"="Microsoft Works 2000"
"DisplayName"="MSRedist"


Kaiken kaikkiaan näiden kikkailujen aikana käynnissä olevien prosessien määrä on tehtävienhallinan mukaan pudonnut 51:stä 42:een. Viime uudelleenkäynnistyksen jälkeen ei yhtään popupia. Suurkiitos tähänastisista neuvoista.

Lue lisää

Sun pitää vissiin saada se kone jotenki vikasietotilaan.

Merkkaa ja FIX:saa

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe

Sitte vikasietotilassa piilotiedostot näkyvillä poistat ton

elitebda32.exe

Tuolta c:\Program Files nuo kansiot pois

SideFind < kato ensin varalta mitä siellä on.
Windows FormatAd

Katti kirjoitti:

Delete this entryä voi siis huoletta käyttää?

Golden retriever väittää poistuvanse rebootin jälkeen, mutta tut se mihinkään poistuu...

> Delete this entryä voi siis huoletta käyttää? <

En oo 100 varma mutta koita sitä tohon

Golden Retriever Cash Back

Juu kirjoitti:

Sun pitää vissiin saada se kone jotenki vikasietotilaan.

Merkkaa ja FIX:saa

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe

Sitte vikasietotilassa piilotiedostot näkyvillä poistat ton

elitebda32.exe

Tuolta c:\Program Files nuo kansiot pois

SideFind < kato ensin varalta mitä siellä on.
Windows FormatAd

Lue lisää

Palataan asiaan, kun vikasietotila löytyy.

Juu kirjoitti:

Sun pitää vissiin saada se kone jotenki vikasietotilaan.

Merkkaa ja FIX:saa

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe

Sitte vikasietotilassa piilotiedostot näkyvillä poistat ton

elitebda32.exe

Tuolta c:\Program Files nuo kansiot pois

SideFind < kato ensin varalta mitä siellä on.
Windows FormatAd

Lue lisää

käynnistysvaiheessa.....
Listasta vikasietotila..

Juu kirjoitti:

Sun pitää vissiin saada se kone jotenki vikasietotilaan.

Merkkaa ja FIX:saa

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebda32.exe

Sitte vikasietotilassa piilotiedostot näkyvillä poistat ton

elitebda32.exe

Tuolta c:\Program Files nuo kansiot pois

SideFind < kato ensin varalta mitä siellä on.
Windows FormatAd

Lue lisää

pois vaan tuo SideFind

sekä lisäksi vielä tuo

Power Scan
.
.

Katti kirjoitti:

Palataan asiaan, kun vikasietotila löytyy.

Kato tuolta miten se tehään msconfig:in kautta,mutta luulen että jos se ei noinkaan käynnisty vikasietotilaan, niin se on sitte juntturassa se kone.

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&ExpandSection=4&Src=sec_doc_nam

Ad-Aware kirjoitti:

pois vaan tuo SideFind

sekä lisäksi vielä tuo

Power Scan
.
.

Se msconfig auttoi. Nyt toimii taas F8.
Uusimmat logit:

Logfile of HijackThis v1.99.1
Scan saved at 15:43:57, on 24.2.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Omistaja\Omat tiedostot\Vastaanotetut tiedostot\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dnainternet.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitekpc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service -turvapalvelu (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Lisää...


?¡?¡?¡?@’Ê?íƒtƒ@ƒCƒ‹ ?¡?¡?¡

Asemalla C ei ole nime„.
Aseman sarjanumero on C0F9-738D

Kansio c:\Program Files

24.02.2005 15:31 .
24.02.2005 15:31 ..
13.02.2005 23:15 Adobe
04.02.2005 21:59 AMD
04.02.2005 21:56 Analog Devices
04.02.2005 21:58 Apoint2K
24.02.2005 15:31 Common Files
04.02.2005 21:02 ComPlus Applications
24.02.2005 14:47 HijackThis
13.02.2005 15:21 HPQ
21.02.2005 21:14 Internet Explorer
13.02.2005 15:23 InterVideo
04.02.2005 22:15 iPod
04.02.2005 22:15 iTunes
04.02.2005 22:08 Java
24.02.2005 14:27 Lavasoft
22.02.2005 00:22 Messenger
19.02.2005 23:50 microsoft frontpage
19.02.2005 23:51 Microsoft Office
13.02.2005 17:18 Microsoft Visual Studio
13.02.2005 17:21 Microsoft Works
13.02.2005 17:03 Microsoft Works Suite 2000
22.02.2005 00:29 Movie Maker
19.02.2005 17:43 Mozilla Firefox
20.02.2005 22:17 Mozilla Thunderbird
12.02.2005 16:01 MSN
15.02.2005 17:11 MSN Apps
04.02.2005 21:02 MSN Gaming Zone
21.02.2005 21:19 MSN Messenger
20.02.2005 23:04 NetMeeting
24.02.2005 10:22 Norton AntiVirus
13.02.2005 16:34 OfficeUpdate11
04.02.2005 21:05 Online Services
20.02.2005 23:04 Outlook Express
04.02.2005 22:15 QuickTime
04.02.2005 22:07 RecordNow!
04.02.2005 22:07 Sonic
17.02.2005 19:57 Sygate
09.02.2005 23:26 Symantec
09.02.2005 23:26 SymNetDrv
20.02.2005 23:11 Windows Media Player
20.02.2005 23:04 Windows NT
04.02.2005 21:06 xerox
0 tiedosto(a) 0 tavua
43 kansio(ta) 48ÿ681ÿ746ÿ432 tavua vapaana

?¡?¡?¡?@ƒVƒXƒeƒ€ƒtƒ@ƒCƒ‹?@?¡?¡?¡

Asemalla C ei ole nime„.
Aseman sarjanumero on C0F9-738D

Kansio c:\Program Files


?¡?¡?¡?@‰B‚µƒtƒ@ƒCƒ‹?@?¡?¡?¡

Asemalla C ei ole nime„.
Aseman sarjanumero on C0F9-738D

Kansio c:\Program Files

04.02.2005 22:26 InstallShield Installation Information
11.02.2005 21:33 Uninstall Information
09.02.2005 23:38 WindowsUpdate
0 tiedosto(a) 0 tavua
3 kansio(ta) 48ÿ681ÿ746ÿ432 tavua vapaana


ja vielä...



---------- UNINSTALLPROGRAMLIST
"DisplayName"="Ad-aware 6 Personal"
"DisplayName"="Agere Systems AC'97 Modem"
"DisplayName"="Broadcom 802.11 Driver"
"DisplayName"="HijackThis 1.99.1"
"DisplayName"="iTunes"
"DisplayName"="PCI 1620 Cardbus Controller and Software"
"DisplayName"="Windows XP Hotfix - KB867282"
"DisplayName"="Windows XP Hotfix - KB873333"
"DisplayName"="Windows XP Hotfix - KB873339"
"DisplayName"="Windows XP Hotfix - KB885250"
"DisplayName"="Windows XP Hotfix - KB885835"
"DisplayName"="Windows XP Hotfix - KB885836"
"DisplayName"="Windows XP Hotfix - KB885884"
"DisplayName"="Windows XP Hotfix - KB886185"
"DisplayName"="Windows XP Hotfix - KB887472"
"DisplayName"="Windows XP Hotfix - KB887742"
"DisplayName"="Windows XP Hotfix - KB888113"
"DisplayName"="Windows XP Hotfix - KB888302"
"DisplayName"="Windows XP Hotfix - KB890047"
"DisplayName"="Windows XP Hotfix - KB890175"
"DisplayName"="Windows XP Hotfix - KB891781"
"DisplayName"="LiveReg (Symantec Corporation)"
"DisplayName"="LiveUpdate 2.5 (Symantec Corporation)"
"DisplayName"="Mozilla Firefox (1.0)"
"DisplayName"="Mozilla Thunderbird (1.0)"
"DisplayName"="MSN Työkalupalkki"
"DisplayName"="NVIDIA Windows 2000/XP Display Drivers"
"DisplayName"="NVIDIA nForce Drivers"
"DisplayName"="QuickTime"
"DisplayName"="Norton AntiVirus 2004 (Symantec Corporation)"
"DisplayName"="Windows Media Format Runtime"
"DisplayName"="Windows Media Player 10"
"DisplayName"="Windows XP Service Pack 2"
"DisplayName"="Microsoft Works 2000 Osien valitseminen"
"DisplayName"="Microsoft Office 2000 Premium"
"DisplayName"="Microsoft Word 2000"
"DisplayName"="Sonic Update Manager"
"DisplayName"="Norton WMI Update"
"DisplayName"="WebFldrs XP"
"DisplayName"="Microsoft .NET Framework 1.1 Finnish Language Pack"
"DisplayName"="Java 2 Runtime Environment, SE v1.4.2_03"
"DisplayName"="Symantec Network Drivers Update"
"DisplayName"="Microsoft Word 2002"
"DisplayName"="RecordNow!"
"DisplayName"="iTunes"
"DisplayName"="TI1620/1520"
"DisplayName"="Realtek RTL8139/810x Fast Ethernet NIC Driver Setup"
"DisplayName"="InterVideo WinDVD"
"DisplayName"="ALPS Touch Pad Driver"
"DisplayName"="Word in Works Suite -apuohjelma"
"DisplayName"="MSN Messenger 6.2"
"DisplayName"="Adobe Reader 6.0.1"
"DisplayName"="Sygate Personal Firewall Pro"
"DisplayName"="Athlon 64 Processor Driver"
"DisplayName"="Norton AntiVirus 2004"
"DisplayName"="Microsoft .NET Framework 1.1"
"DisplayName"="Quick Launch Buttons 4.20 E1"
"DisplayName"="Symantec Script Blocking Installer"
"DisplayName"="CC_ccStart"
"DisplayName"="ccCommon"
"DisplayName"="SymNet"
"DisplayName"="Norton AntiVirus Parent MSI"
"DisplayName"="Microsoft Picture It! 2000"
"DisplayName"="SoundMAX"
"DisplayName"="Microsoft Works 2000"
"DisplayName"="MSRedist"


Hijackin rivi:

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitekpc32.exe

Epäilyttää ja on sitkeä. Ei poistu vikasietotilassa.

"DisplayName"="Ad-aware 6 Personal"

Ei poistu myöskään.

Katti kirjoitti:

Se msconfig auttoi. Nyt toimii taas F8.
Uusimmat logit:

Logfile of HijackThis v1.99.1
Scan saved at 15:43:57, on 24.2.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Omistaja\Omat tiedostot\Vastaanotetut tiedostot\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dnainternet.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitekpc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service -turvapalvelu (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Lisää...


?¡?¡?¡?@’Ê?íƒtƒ@ƒCƒ‹ ?¡?¡?¡

Asemalla C ei ole nime„.
Aseman sarjanumero on C0F9-738D

Kansio c:\Program Files

24.02.2005 15:31 .
24.02.2005 15:31 ..
13.02.2005 23:15 Adobe
04.02.2005 21:59 AMD
04.02.2005 21:56 Analog Devices
04.02.2005 21:58 Apoint2K
24.02.2005 15:31 Common Files
04.02.2005 21:02 ComPlus Applications
24.02.2005 14:47 HijackThis
13.02.2005 15:21 HPQ
21.02.2005 21:14 Internet Explorer
13.02.2005 15:23 InterVideo
04.02.2005 22:15 iPod
04.02.2005 22:15 iTunes
04.02.2005 22:08 Java
24.02.2005 14:27 Lavasoft
22.02.2005 00:22 Messenger
19.02.2005 23:50 microsoft frontpage
19.02.2005 23:51 Microsoft Office
13.02.2005 17:18 Microsoft Visual Studio
13.02.2005 17:21 Microsoft Works
13.02.2005 17:03 Microsoft Works Suite 2000
22.02.2005 00:29 Movie Maker
19.02.2005 17:43 Mozilla Firefox
20.02.2005 22:17 Mozilla Thunderbird
12.02.2005 16:01 MSN
15.02.2005 17:11 MSN Apps
04.02.2005 21:02 MSN Gaming Zone
21.02.2005 21:19 MSN Messenger
20.02.2005 23:04 NetMeeting
24.02.2005 10:22 Norton AntiVirus
13.02.2005 16:34 OfficeUpdate11
04.02.2005 21:05 Online Services
20.02.2005 23:04 Outlook Express
04.02.2005 22:15 QuickTime
04.02.2005 22:07 RecordNow!
04.02.2005 22:07 Sonic
17.02.2005 19:57 Sygate
09.02.2005 23:26 Symantec
09.02.2005 23:26 SymNetDrv
20.02.2005 23:11 Windows Media Player
20.02.2005 23:04 Windows NT
04.02.2005 21:06 xerox
0 tiedosto(a) 0 tavua
43 kansio(ta) 48ÿ681ÿ746ÿ432 tavua vapaana

?¡?¡?¡?@ƒVƒXƒeƒ€ƒtƒ@ƒCƒ‹?@?¡?¡?¡

Asemalla C ei ole nime„.
Aseman sarjanumero on C0F9-738D

Kansio c:\Program Files


?¡?¡?¡?@‰B‚µƒtƒ@ƒCƒ‹?@?¡?¡?¡

Asemalla C ei ole nime„.
Aseman sarjanumero on C0F9-738D

Kansio c:\Program Files

04.02.2005 22:26 InstallShield Installation Information
11.02.2005 21:33 Uninstall Information
09.02.2005 23:38 WindowsUpdate
0 tiedosto(a) 0 tavua
3 kansio(ta) 48ÿ681ÿ746ÿ432 tavua vapaana


ja vielä...



---------- UNINSTALLPROGRAMLIST
"DisplayName"="Ad-aware 6 Personal"
"DisplayName"="Agere Systems AC'97 Modem"
"DisplayName"="Broadcom 802.11 Driver"
"DisplayName"="HijackThis 1.99.1"
"DisplayName"="iTunes"
"DisplayName"="PCI 1620 Cardbus Controller and Software"
"DisplayName"="Windows XP Hotfix - KB867282"
"DisplayName"="Windows XP Hotfix - KB873333"
"DisplayName"="Windows XP Hotfix - KB873339"
"DisplayName"="Windows XP Hotfix - KB885250"
"DisplayName"="Windows XP Hotfix - KB885835"
"DisplayName"="Windows XP Hotfix - KB885836"
"DisplayName"="Windows XP Hotfix - KB885884"
"DisplayName"="Windows XP Hotfix - KB886185"
"DisplayName"="Windows XP Hotfix - KB887472"
"DisplayName"="Windows XP Hotfix - KB887742"
"DisplayName"="Windows XP Hotfix - KB888113"
"DisplayName"="Windows XP Hotfix - KB888302"
"DisplayName"="Windows XP Hotfix - KB890047"
"DisplayName"="Windows XP Hotfix - KB890175"
"DisplayName"="Windows XP Hotfix - KB891781"
"DisplayName"="LiveReg (Symantec Corporation)"
"DisplayName"="LiveUpdate 2.5 (Symantec Corporation)"
"DisplayName"="Mozilla Firefox (1.0)"
"DisplayName"="Mozilla Thunderbird (1.0)"
"DisplayName"="MSN Työkalupalkki"
"DisplayName"="NVIDIA Windows 2000/XP Display Drivers"
"DisplayName"="NVIDIA nForce Drivers"
"DisplayName"="QuickTime"
"DisplayName"="Norton AntiVirus 2004 (Symantec Corporation)"
"DisplayName"="Windows Media Format Runtime"
"DisplayName"="Windows Media Player 10"
"DisplayName"="Windows XP Service Pack 2"
"DisplayName"="Microsoft Works 2000 Osien valitseminen"
"DisplayName"="Microsoft Office 2000 Premium"
"DisplayName"="Microsoft Word 2000"
"DisplayName"="Sonic Update Manager"
"DisplayName"="Norton WMI Update"
"DisplayName"="WebFldrs XP"
"DisplayName"="Microsoft .NET Framework 1.1 Finnish Language Pack"
"DisplayName"="Java 2 Runtime Environment, SE v1.4.2_03"
"DisplayName"="Symantec Network Drivers Update"
"DisplayName"="Microsoft Word 2002"
"DisplayName"="RecordNow!"
"DisplayName"="iTunes"
"DisplayName"="TI1620/1520"
"DisplayName"="Realtek RTL8139/810x Fast Ethernet NIC Driver Setup"
"DisplayName"="InterVideo WinDVD"
"DisplayName"="ALPS Touch Pad Driver"
"DisplayName"="Word in Works Suite -apuohjelma"
"DisplayName"="MSN Messenger 6.2"
"DisplayName"="Adobe Reader 6.0.1"
"DisplayName"="Sygate Personal Firewall Pro"
"DisplayName"="Athlon 64 Processor Driver"
"DisplayName"="Norton AntiVirus 2004"
"DisplayName"="Microsoft .NET Framework 1.1"
"DisplayName"="Quick Launch Buttons 4.20 E1"
"DisplayName"="Symantec Script Blocking Installer"
"DisplayName"="CC_ccStart"
"DisplayName"="ccCommon"
"DisplayName"="SymNet"
"DisplayName"="Norton AntiVirus Parent MSI"
"DisplayName"="Microsoft Picture It! 2000"
"DisplayName"="SoundMAX"
"DisplayName"="Microsoft Works 2000"
"DisplayName"="MSRedist"


Hijackin rivi:

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitekpc32.exe

Epäilyttää ja on sitkeä. Ei poistu vikasietotilassa.

"DisplayName"="Ad-aware 6 Personal"

Ei poistu myöskään.

Lue lisää

Joo no ny se on vaihtannu nimee ja niitä voi olla enempiki siellä samassa kansiossa.

Scannaa kone tolla ja pistä tänne ne jotka ilmestyy alaikkunaan

http://koti.mbnet.fi/pattaya1/escanmwav.htm

Juu kirjoitti:

Joo no ny se on vaihtannu nimee ja niitä voi olla enempiki siellä samassa kansiossa.

Scannaa kone tolla ja pistä tänne ne jotka ilmestyy alaikkunaan

http://koti.mbnet.fi/pattaya1/escanmwav.htm

Lue lisää

File C:\WINDOWS\newpop63.exe infected by "Trojan-Notifier.Win32.VB.m" Virus. Action Taken: File Deleted.

File C:\WINDOWS\unstall.exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

File C:\WINDOWS\system32\eliteamp32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitedoolsav.dat tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\WINDOWS\system32\eliteerror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitefbn32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\eliteinw32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitejtg32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitelgc32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitelsy32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitenzh32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\eliteota32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitepam32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\eliterra32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitesmr32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\eliteugh32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\eliteuwt32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitevbs32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\eliteved32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitevmj32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitexxg32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\mmbun2.exe tagged as not-a-virus:AdWare.MediaMotor.a. No Action Taken.

File C:\WINDOWS\system32\tommynub infected by "Trojan-Downloader.BAT.Ftp.i" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O9EBCLQJ\dl[1].exe infected by "Trojan-Downloader.Win32.Agent.il" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Omistaja\Local Settings\Temp\uninstall.exe tagged as not-a-virus:AdWare.ToolBar.EliteBar.q. No Action Taken.

File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\BDGURXB7\dl[1].exe infected by "Trojan-Downloader.Win32.Agent.il" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\BDGURXB7\thin-143-1-x-x[1].exe tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.

File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\CJPHZZNN\protector_update[1].exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\OW8PD0QA\diamond[1].cab infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\OW8PD0QA\unstall[1].exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

File C:\Documents and Settings\Omistaja\Omat tiedostot\Vastaanotetut tiedostot\backups\backup-20050224-131415-212.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Documents and Settings\Omistaja\Omat tiedostot\Vastaanotetut tiedostot\backups\backup-20050224-145750-429.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\013D30F4 infected by "Trojan-Downloader.Win32.IstBar.ge" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\078A7C7B tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\0CCD6CF2 infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\0D5F0ED1 infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\15C655E3 infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\16DB47CD infected by "Trojan-Downloader.BAT.Ftp.c" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\185D28F1 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\186F6662 tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\18F04AD0 infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\1EBD5F5B infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\1EC00957 tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\206C4946.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\224F4E0D.EXE infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\Program Files\Norton AntiVirus\Quarantine\2274190C infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\260F4712 infected by "Trojan-Downloader.BAT.Ftp.c" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\2A687323 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\Program Files\Norton AntiVirus\Quarantine\2C6932EF tagged as not-a-virus:AdWare.MediaMotor.a. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\2C6C5CEC infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\2C6F06E8 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\2C7330E4 infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\2C765AE1 tagged as not-a-virus:AdWare.180Solutions. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\2C7904DD tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\2C8058D6 tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\2C86035F tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\2D363EC8 tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\311D4E93 infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\363316F0 tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\363640EC tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\363A6AE9 tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\37151486 infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\3814647E tagged as not-a-virus:AdWare.180Solutions. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\3CF44A37 tagged as not-a-virus:AdWare.ToolBar.SideFind. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\3DA46E2E infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\3DAE6C23 infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\47050EF3 tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\4ABE2863 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\4CD06899 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\53B6112E tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\550C2573 tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\58F85D2A infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\5E2606F0 tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\5EB828CF tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\652051BB infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\69BC3ADD infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\69C538D2 tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\7149464B infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\75AC74F5 tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\7A2909B5 infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP102\A0006067.exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008966.exe tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008967.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008968.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008969.dll tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008970.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008971.dll tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008972.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008992.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008993.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008994.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0009029.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0009044.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0009045.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0009046.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0009053.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0009054.exe tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP108\A0009160.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP108\A0009161.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP108\A0009162.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP108\A0009166.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP108\A0009167.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014315.exe tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014316.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014317.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014318.dll tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014319.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014320.dll tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014321.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.
File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014324.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014325.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014326.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014341.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014344.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014345.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014346.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014353.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014354.exe tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014361.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014362.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014363.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019932.exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019934.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019935.dll tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019936.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019937.dll tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019938.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019939.exe tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019940.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP118\A0019966.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP118\A0019977.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP118\A0019978.dll tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP118\A0019979.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020076.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020394.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020395.exe tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020420.exe tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020421.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020422.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020426.exe infected by "Backdoor.Win32.Webdor.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020444.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020455.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020456.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020500.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020501.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020596.exe infected by "Trojan-Notifier.Win32.VB.m" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020597.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020598.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020599.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020600.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020601.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020602.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020603.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020604.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020605.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020606.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020607.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020608.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020609.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020610.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020611.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020612.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020613.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020614.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020615.EXE infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000841.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000861.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000862.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000863.exe tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000864.exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000865.exe tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000866.ocx infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000876.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001183.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001190.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001192.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001193.exe tagged as not-a-virus:AdWare.MediaMotor.a. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001194.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001195.dll infected by "Trojan-Downloader.Win32.IstBar.ge" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001196.exe tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001197.ocx infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001198.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001201.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP18\A0001208.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP18\A0001209.exe infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP53\A0004464.dll tagged as not-a-virus:AdWare.ToolBar.SideFind. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP53\A0004466.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP53\A0004468.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BDGURXB7\unstall[1].exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CJPHZZNN\protector[1].exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OW8PD0QA\dl[2].exe infected by "Trojan-Downloader.Win32.Agent.il" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OW8PD0QA\protector_update[1].exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WJGTE5GZ\newpop63[1].exe infected by "Trojan-Notifier.Win32.VB.m" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\elitedoolsav.dat tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.
File C:\WINDOWS\system32\mmbun2.exe tagged as not-a-virus:AdWare.MediaMotor.a. No Action Taken.
File C:\WINDOWS\unstall.exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

Katti kirjoitti:

File C:\WINDOWS\newpop63.exe infected by "Trojan-Notifier.Win32.VB.m" Virus. Action Taken: File Deleted.

File C:\WINDOWS\unstall.exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

File C:\WINDOWS\system32\eliteamp32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitedoolsav.dat tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\WINDOWS\system32\eliteerror32.dat infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitefbn32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\eliteinw32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitejtg32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitelgc32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitelsy32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitenzh32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\eliteota32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitepam32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\eliterra32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitesmr32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\eliteugh32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\eliteuwt32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitevbs32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\eliteved32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitevmj32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\elitexxg32.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\mmbun2.exe tagged as not-a-virus:AdWare.MediaMotor.a. No Action Taken.

File C:\WINDOWS\system32\tommynub infected by "Trojan-Downloader.BAT.Ftp.i" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O9EBCLQJ\dl[1].exe infected by "Trojan-Downloader.Win32.Agent.il" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Omistaja\Local Settings\Temp\uninstall.exe tagged as not-a-virus:AdWare.ToolBar.EliteBar.q. No Action Taken.

File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\BDGURXB7\dl[1].exe infected by "Trojan-Downloader.Win32.Agent.il" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\BDGURXB7\thin-143-1-x-x[1].exe tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.

File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\CJPHZZNN\protector_update[1].exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\OW8PD0QA\diamond[1].cab infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\Content.IE5\OW8PD0QA\unstall[1].exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

File C:\Documents and Settings\Omistaja\Omat tiedostot\Vastaanotetut tiedostot\backups\backup-20050224-131415-212.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Documents and Settings\Omistaja\Omat tiedostot\Vastaanotetut tiedostot\backups\backup-20050224-145750-429.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\013D30F4 infected by "Trojan-Downloader.Win32.IstBar.ge" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\078A7C7B tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\0CCD6CF2 infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\0D5F0ED1 infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\15C655E3 infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\16DB47CD infected by "Trojan-Downloader.BAT.Ftp.c" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\185D28F1 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\186F6662 tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\18F04AD0 infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\1EBD5F5B infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\1EC00957 tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\206C4946.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\224F4E0D.EXE infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\Program Files\Norton AntiVirus\Quarantine\2274190C infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\260F4712 infected by "Trojan-Downloader.BAT.Ftp.c" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\2A687323 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\Program Files\Norton AntiVirus\Quarantine\2C6932EF tagged as not-a-virus:AdWare.MediaMotor.a. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\2C6C5CEC infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\2C6F06E8 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\2C7330E4 infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\2C765AE1 tagged as not-a-virus:AdWare.180Solutions. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\2C7904DD tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\2C8058D6 tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\2C86035F tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\2D363EC8 tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\311D4E93 infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\363316F0 tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\363640EC tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\363A6AE9 tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\37151486 infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\3814647E tagged as not-a-virus:AdWare.180Solutions. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\3CF44A37 tagged as not-a-virus:AdWare.ToolBar.SideFind. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\3DA46E2E infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\3DAE6C23 infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\47050EF3 tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\4ABE2863 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\4CD06899 infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\53B6112E tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\550C2573 tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\58F85D2A infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\5E2606F0 tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\5EB828CF tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\652051BB infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\69BC3ADD infected by "Trojan-Downloader.Win32.IstBar.gn" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\69C538D2 tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\7149464B infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\Program Files\Norton AntiVirus\Quarantine\75AC74F5 tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\Program Files\Norton AntiVirus\Quarantine\7A2909B5 infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP102\A0006067.exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008966.exe tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008967.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008968.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008969.dll tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008970.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008971.dll tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008972.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008992.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008993.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0008994.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0009029.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0009044.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0009045.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0009046.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0009053.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP107\A0009054.exe tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP108\A0009160.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP108\A0009161.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP108\A0009162.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP108\A0009166.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP108\A0009167.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014315.exe tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014316.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014317.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014318.dll tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014319.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014320.dll tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014321.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.
File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014324.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014325.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014326.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014341.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014344.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014345.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014346.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014353.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014354.exe tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014361.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014362.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP109\A0014363.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019932.exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019934.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019935.dll tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019936.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019937.dll tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019938.exe tagged as not-a-virus:AdWare.WinAD.k. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019939.exe tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP117\A0019940.exe infected by "Trojan-Downloader.Win32.IstBar.go" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP118\A0019966.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP118\A0019977.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP118\A0019978.dll tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP118\A0019979.exe tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020076.exe infected by "Trojan-Downloader.Win32.Agent.is" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020394.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020395.exe tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020420.exe tagged as not-a-virus:AdWare.WebRebates.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020421.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020422.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020426.exe infected by "Backdoor.Win32.Webdor.p" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020444.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020455.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020456.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020500.dll tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020501.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020596.exe infected by "Trojan-Notifier.Win32.VB.m" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020597.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020598.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020599.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020600.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020601.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020602.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020603.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020604.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020605.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020606.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020607.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020608.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020609.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020610.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020611.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020612.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020613.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020614.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP120\A0020615.EXE infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000841.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000861.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000862.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000863.exe tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000864.exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000865.exe tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000866.ocx infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0000876.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001183.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001190.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001192.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001193.exe tagged as not-a-virus:AdWare.MediaMotor.a. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001194.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001195.dll infected by "Trojan-Downloader.Win32.IstBar.ge" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001196.exe tagged as not-a-virus:AdWare.WinAD.s. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001197.ocx infected by "Trojan-Downloader.Win32.VB.ez" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001198.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP17\A0001201.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP18\A0001208.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP18\A0001209.exe infected by "Trojan-Downloader.Win32.Dyfuca.du" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP53\A0004464.dll tagged as not-a-virus:AdWare.ToolBar.SideFind. No Action Taken.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP53\A0004466.exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{1DDDE22D-7ED6-4721-8509-7045971A8DAB}\RP53\A0004468.exe infected by "Trojan-Downloader.Win32.IstBar.gm" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BDGURXB7\unstall[1].exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CJPHZZNN\protector[1].exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OW8PD0QA\dl[2].exe infected by "Trojan-Downloader.Win32.Agent.il" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OW8PD0QA\protector_update[1].exe infected by "Trojan.Win32.StartPage.nk" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WJGTE5GZ\newpop63[1].exe infected by "Trojan-Notifier.Win32.VB.m" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\elitedoolsav.dat tagged as not-a-virus:AdWare.ToolBar.EliteBar.z. No Action Taken.
File C:\WINDOWS\system32\mmbun2.exe tagged as not-a-virus:AdWare.MediaMotor.a. No Action Taken.
File C:\WINDOWS\unstall.exe tagged as not-a-virus:AdWare.MediaMotor.c. No Action Taken.

Lue lisää

Siellähän oli muutama elite:llä alkavaa filettä.

Poista nuo

C:\WINDOWS\unstall.exe
C:\WINDOWS\system32\mmbun2.exe
C:\WINDOWS\system32\elitedoolsav.dat

Tyhjennä kaikki Tempit

Pistä sitte uus Hijack logi,niin putsataan se jos siellä vielä on jotain.

Juu kirjoitti:

Siellähän oli muutama elite:llä alkavaa filettä.

Poista nuo

C:\WINDOWS\unstall.exe
C:\WINDOWS\system32\mmbun2.exe
C:\WINDOWS\system32\elitedoolsav.dat

Tyhjennä kaikki Tempit

Pistä sitte uus Hijack logi,niin putsataan se jos siellä vielä on jotain.

Lue lisää

Voiko kansion huoletta tyhjentää?

C:\Documents and Settings\Omistaja\Local Settings\Temp

Siellä on kaikenlaista.

Katti kirjoitti:

Voiko kansion huoletta tyhjentää?

C:\Documents and Settings\Omistaja\Local Settings\Temp

Siellä on kaikenlaista.

Voi sen tempin tyhjentää

Juu kirjoitti:

Voi sen tempin tyhjentää

C:\WINDOWS\system32\elitedoolsav.dat
Ei löytynyt millään tavalla, mutta siihen käytettiin HJT:n Delete a File on Reboot -toimintoa.

Uusin loki näyttää tältä:

Logfile of HijackThis v1.99.1
Scan saved at 21:02:25, on 24.2.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Omistaja\Omat tiedostot\Vastaanotetut tiedostot\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dnainternet.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service -turvapalvelu (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Katti kirjoitti:

C:\WINDOWS\system32\elitedoolsav.dat
Ei löytynyt millään tavalla, mutta siihen käytettiin HJT:n Delete a File on Reboot -toimintoa.

Uusin loki näyttää tältä:

Logfile of HijackThis v1.99.1
Scan saved at 21:02:25, on 24.2.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Omistaja\Omat tiedostot\Vastaanotetut tiedostot\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dnainternet.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service -turvapalvelu (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Lue lisää

> käytettiin HJT:n Delete a File on Reboot -toimintoa. <

Ok,hyvä niin.
Logi on nyt puhas.
Siellä järjestelmänpalautuksessa on vielä roskaa,joten sammuta se ja sitte käynnistä kone uudestaan ja pistä se takas päälle ja tee uus palautuspiste.

Katti kirjoitti:

C:\WINDOWS\system32\elitedoolsav.dat
Ei löytynyt millään tavalla, mutta siihen käytettiin HJT:n Delete a File on Reboot -toimintoa.

Uusin loki näyttää tältä:

Logfile of HijackThis v1.99.1
Scan saved at 21:02:25, on 24.2.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Omistaja\Omat tiedostot\Vastaanotetut tiedostot\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dnainternet.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Works Kalenterin muistutukset.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service -turvapalvelu (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Lue lisää

> käytettiin HJT:n Delete a File on Reboot -toimintoa. <

Ok,hyvä niin.
Logi on nyt puhas.
Siellä järjestelmänpalautuksessa on vielä roskaa,joten sammuta se ja sitte käynnistä kone uudestaan ja pistä se takas päälle ja tee uus palautuspiste.

Juu kirjoitti:

> käytettiin HJT:n Delete a File on Reboot -toimintoa. <

Ok,hyvä niin.
Logi on nyt puhas.
Siellä järjestelmänpalautuksessa on vielä roskaa,joten sammuta se ja sitte käynnistä kone uudestaan ja pistä se takas päälle ja tee uus palautuspiste.

Lue lisää

Eiköhän tää tästä.

Paljon kiitoksia avusta.