Onkohan tässä jotain?

joku kuka ei vaan osaa

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:06, on 16.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Sitecom\Common\WLANUtil.exe
E:\BitComet\BitComet.exe
E:\LimeWire\LimeWire.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Winamp\winamp.exe
E:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\WLANUtil.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont rols/en/x86/client/wuweb_site.cab?1204442726923
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca b
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl ient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: inoperable - {1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0} - C:\WINDOWS\system32\jdxah.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 10129 bytes

12

473

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000
    • -----

      1.Lataa combofix.exe työpöydällesi yhdestä, kahdesta klinkistä:
      http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      http://subs.geekstogo.com/ComboFix.exe

      2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
      3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
      Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

      =============

      Lataa SDFix by AndyManchesta
      http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
      ja tallenna se työpöydällesi.

      Käynnistä koneesi vikasietotilaan:
      sammuta ja käynnistä
      käynnistyksen yhteydessä hakkaa F8 nappia
      valitse nuolinäppäimellä vikasietotila
      paina enter ja enter
      valitse käyttäjätilisi
      paina kyllä

      Jossakin koneissa hakataan F8:sin sijasta F5:tä
      •   Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
      •   Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
      •   Paina Y käynnistääksesi skriptin.
      •   Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
      •   Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
      •   Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
      •   Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
      •   Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
      •   Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.

      • joku kuka ei vaan osaa

        ComboFix 08-03-14.4 - Maarit 2008-03-17 15:05:03.1 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1443 [GMT 2:00]
        Running from: C:\Documents and Settings\Maarit\Local Settings\Temporary Internet Files\Content.IE5\N5K8GKNS\ComboFix[1].exe
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-17 to 2008-03-17 )))))))))))))))))
        .

        2008-03-16 16:45 . 2007-05-16 16:45   3,497,832   --a------   C:\WINDOWS\system32\d3dx9_34.dll
        2008-03-16 01:03 . 2008-03-16 01:28      d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
        2008-03-16 01:01 . 2008-03-16 01:02      d--------   C:\Program Files\NetProject
        2008-03-14 23:30 . 2008-03-14 23:30   352,256   --a------   C:\WINDOWS\eSellerateEngine.dll
        2008-03-14 23:30 . 2008-03-14 23:43   40   --a------   C:\WINDOWS\RSoftInfo.dat
        2008-03-13 19:59 . 2008-03-13 19:59      d--------   C:\Program Files\Common Files\Blizzard Entertainment
        2008-03-13 16:48 . 2008-03-13 16:49      d--------   C:\Program Files\Macrogaming
        2008-03-09 23:56 . 2008-03-09 23:56      d--------   C:\WINDOWS\system32\fi-fi
        2008-03-09 15:20 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
        2008-03-09 15:20 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
        2008-03-09 15:20 . 2007-07-30 19:18   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
        2008-03-09 15:01 . 2008-03-09 15:01      d--------   C:\Documents and Settings\Maarit\Application Data\Microsoft Game Studios
        2008-03-09 00:17 . 2008-03-09 00:17      d--------   C:\Program Files\Rockstar Games
        2008-03-08 15:18 . 2008-03-08 15:18      d--------   C:\WINDOWS\system32\URTTEMP
        2008-03-08 14:55 . 2008-03-08 14:55      d--------   C:\WINDOWS\San Andreas Mod Installer
        2008-03-07 00:41 . 2008-03-07 00:41      d--------   C:\WINDOWS\system32\LogFiles
        2008-03-07 00:41 . 2008-03-15 17:31   107,832   --a------   C:\WINDOWS\system32\PnkBstrB.exe
        2008-03-07 00:41 . 2008-03-07 00:41   66,872   --a------   C:\WINDOWS\system32\PnkBstrA.exe
        2008-03-07 00:41 . 2008-03-15 17:31   22,328   --a------   C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2008-03-07 00:07 . 2008-03-07 07:39      d--------   C:\Program Files\America's Army Server Manager
        2008-03-06 15:54 . 2008-03-16 23:42   69   --a------   C:\WINDOWS\NeroDigital.ini
        2008-03-05 23:53 . 2008-03-05 23:53   720,896   --a------   C:\WINDOWS\iun6002.exe
        2008-03-05 23:53 . 2001-05-11 13:18   420,240   --a------   C:\WINDOWS\system32\mpg4c32.dll
        2008-03-05 23:53 . 2001-05-16 17:54   309,616   --a------   C:\WINDOWS\system32\wmv8dmod.dll
        2008-03-05 23:53 . 2001-03-26 04:41   245,760   --a------   C:\WINDOWS\system32\mp4sds32.ax
        2008-03-05 22:22 . 2008-03-05 22:22   98,304   --a------   C:\WINDOWS\system32\CmdLineExt.dll
        2008-03-05 16:08 . 2008-03-05 16:08   716,272   --a------   C:\WINDOWS\system32\drivers\sptd.sys
        2008-03-03 23:36 . 2008-03-03 23:36      d--------   C:\Documents and Settings\All Users\Application Data\espionServerData
        2008-03-03 21:04 . 2008-03-15 22:28      d--------   C:\Documents and Settings\Maarit\Application Data\LimeWire
        2008-03-03 21:04 . 2008-03-03 21:04   2,560   --a------   C:\WINDOWS\system32\bitcometres.dll
        2008-03-03 20:18 . 2008-03-03 20:18      d--------   C:\Documents and Settings\Maarit\Contacts
        2008-03-03 20:13 . 2008-03-03 20:17      d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
        2008-03-03 20:12 . 2008-03-03 20:17      d--------   C:\Program Files\Windows Live
        2008-03-03 20:12 . 2008-03-03 20:12      d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-03-03 17:13 . 2008-03-03 17:13      d--------   C:\Program Files\Sitecom
        2008-03-03 17:13 . 2007-04-25 13:47   485,248   --a------   C:\WINDOWS\system32\drivers\rt2870.sys
        2008-03-03 17:13 . 2008-03-03 17:13   21,419   --a------   C:\WINDOWS\system32\drivers\AegisP.sys
        2008-03-02 14:31 . 2008-03-17 15:01   13,533   --a------   C:\WINDOWS\system32\Config.MPF
        2008-03-02 14:30 . 2007-07-21 09:08   201,288   --a------   C:\WINDOWS\system32\drivers\mfehidk.sys
        2008-03-02 14:30 . 2007-07-13 09:20   113,952   --a------   C:\WINDOWS\system32\drivers\Mpfp.sys
        2008-03-02 14:30 . 2007-07-24 07:40   79,304   --a------   C:\WINDOWS\system32\drivers\mfeavfk.sys
        2008-03-02 14:30 . 2007-07-21 09:08   40,488   --a------   C:\WINDOWS\system32\drivers\mfesmfk.sys
        2008-03-02 14:30 . 2007-07-21 09:08   35,240   --a------   C:\WINDOWS\system32\drivers\mfebopk.sys
        2008-03-02 14:30 . 2007-07-24 12:02   33,800   --a------   C:\WINDOWS\system32\drivers\mferkdk.sys
        2008-03-02 14:29 . 2008-03-02 14:29      d--------   C:\Program Files\McAfee.com
        2008-03-02 14:29 . 2008-03-17 08:33      d--------   C:\Program Files\McAfee
        2008-03-02 14:29 . 2008-03-02 14:30      d--------   C:\Program Files\Common Files\McAfee
        2008-03-02 14:18 . 2008-03-02 14:31      d--------   C:\Documents and Settings\All Users\Application Data\McAfee
        2008-03-02 14:14 . 2008-03-02 14:14      d--------   C:\WINDOWS\%DownloadedProgramFiles%
        2008-03-02 10:48 . 2004-09-14 16:12   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
        2008-03-02 10:22 . 2008-03-02 10:22      d--------   C:\Program Files\McAfee UnInstaller 6.5 Demo English
        2008-03-02 09:33 . 2008-03-02 09:33      d--------   C:\WINDOWS\Sun
        2008-03-02 09:32 . 2008-03-02 09:32      d--------   C:\Program Files\Java
        2008-03-02 09:32 . 2007-09-24 23:31   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
        2008-03-02 09:30 . 2008-03-02 09:30      d--------   C:\Program Files\Common Files\Java
        2008-03-02 09:29 . 2008-03-09 15:22      d--h-----   C:\WINDOWS\$hf_mig$
        2008-03-02 09:28 . 2008-03-02 09:33   1,279   --a------   C:\WINDOWS\mozver.dat
        2008-03-02 09:26 . 2007-07-30 19:19   43,352   --a------   C:\WINDOWS\system32\wups2.dll
        2008-03-02 09:26 . 2007-07-30 19:18   34,136   --a------   C:\WINDOWS\system32\wucltui.dll.mui
        2008-03-02 09:26 . 2007-07-30 19:18   30,040   --a------   C:\WINDOWS\system32\wuaucpl.cpl.mui
        2008-03-02 09:26 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuapi.dll.mui
        2008-03-02 09:26 . 2007-07-30 19:18   20,824   --a------   C:\WINDOWS\system32\wuaueng.dll.mui
        2008-03-02 09:25 . 2008-03-02 09:25      d--hs----   C:\Documents and Settings\Maarit\UserData
        2008-03-02 09:11 . 2008-03-02 09:11      d--------   C:\Documents and Settings\All Users\Application Data\FLEXnet
        2008-03-02 09:10 . 2008-03-02 09:10      d--------   C:\Program Files\Common Files\Macrovision Shared
        2008-03-02 09:08 . 2008-03-02 09:08   116,472   ---------   C:\WINDOWS\system32\pxcpyi64.exe
        2008-03-02 09:04 . 2008-03-02 09:04      d--------   C:\Program Files\PowerISO
        2008-03-02 08:59 . 2008-03-02 08:59      d--------   C:\Documents and Settings\All Users\Application Data\ATI
        2008-03-02 08:59 . 2008-03-02 08:59   0   --a------   C:\WINDOWS\ativpsrm.bin
        2008-03-02 08:58 . 2008-01-22 14:42   593,920   ---------   C:\WINDOWS\system32\ati2sgag.exe
        2008-03-02 08:57 . 2008-03-02 08:58      d--------   C:\Program Files\ATI Technologies
        2008-03-02 08:55 . 2008-03-02 08:55   10   --a------   C:\WINDOWS\WININIT.INI
        2008-03-02 08:42 . 2008-03-02 08:42      d--------   C:\Program Files\U-ABIT
        2008-03-02 08:42 . 2007-01-12 10:54   10,848   --a------   C:\WINDOWS\system32\drivers\WinFlash.sys
        2008-03-02 08:41 . 2008-03-02 08:41      d--------   C:\Documents and Settings\Maarit\Application Data\InstallShield
        2008-02-28 10:07 . 2001-08-17 23:59   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
        2008-02-28 10:06 . 2004-09-14 16:12   74,240   --a------   C:\WINDOWS\system32\usbui.dll
        2008-02-28 10:06 . 2004-09-14 16:12   74,240   --a--c---   C:\WINDOWS\system32\dllcache\usbui.dll
        2008-02-28 10:06 . 2004-09-14 18:06   57,216   --a------   C:\WINDOWS\system32\drivers\redbook.sys
        2008-02-28 10:05 . 2008-02-28 10:05      d--h-----   C:\Documents and Settings\Default User\Verkkoympäristö
        2008-02-28 10:05 . 2008-02-28 10:05      d--------   C:\Documents and Settings\Default User\Työpöytä
        2008-02-28 10:05 . 2008-02-28 10:05      d--h-----   C:\Documents and Settings\Default User\Tulostinympäristö
        2008-02-28 10:05 . 2008-02-28 10:05      d--------   C:\Documents and Settings\Default User\Suosikit
        2008-02-28 10:05 . 2008-02-28 08:10      d--h-----   C:\Documents and Settings\Default User\Mallit
        2008-02-28 10:05 . 2008-02-28 10:05      dr-------   C:\Documents and Settings\Default User\Käynnistä-valikko
        2008-02-28 10:05 . 2008-03-16 01:02      d--------   C:\Documents and Settings\All Users\Työpöytä
        2008-02-28 10:05 . 2008-02-28 08:11      dr-------   C:\Documents and Settings\All Users\Tiedostot
        2008-02-28 10:05 . 2008-02-28 10:05      d--------   C:\Documents and Settings\All Users\Suosikit
        2008-02-28 10:05 . 2008-02-28 10:05      d--h-----   C:\Documents and Settings\All Users\Mallit
        2008-02-28 10:05 . 2008-03-16 01:02      dr-------   C:\Documents and Settings\All Users\Käynnistä-valikko
        2008-02-28 10:03 . 2008-03-16 11:03      d--------   C:\WINDOWS\system32\CatRoot2

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-13 15:06   13,312   --s-a-w   C:\WINDOWS\system32\jdxah.dll
        2008-03-12 22:13   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-03-05 21:47   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
        2008-03-02 07:10   ---------   d-----w   C:\Program Files\Common Files\Adobe
        2008-03-02 07:08   43,528   ------w   C:\WINDOWS\system32\drivers\PxHelp20.sys
        2008-03-02 07:08   129,784   ------w   C:\WINDOWS\system32\pxafs.dll
        2008-03-02 07:08   118,520   ------w   C:\WINDOWS\system32\pxinsi64.exe
        2008-03-02 06:55   ---------   d-----w   C:\Program Files\Common Files\ATI Technologies
        2008-02-28 07:25   ---------   d-----w   C:\Program Files\QuickTime
        2008-02-28 07:25   ---------   d-----w   C:\Program Files\ffdshow
        2008-02-28 07:25   ---------   d-----w   C:\Program Files\AC3Filter
        2008-02-28 07:25   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\Talkback
        2008-02-28 07:25   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple Computer
        2008-02-28 07:22   86,016   ----a-w   C:\WINDOWS\system32\OpenAL32.dll
        2008-02-28 07:22   262,144   ----a-w   C:\WINDOWS\system32\wrap_oal.dll
        2008-02-28 07:20   ---------   d-----w   C:\Program Files\Futuremark
        2008-02-28 07:19   ---------   d-----w   C:\Program Files\Common Files\LightScribe
        2008-02-28 07:18   ---------   d-----w   C:\Program Files\Common Files\Ahead
        2008-02-28 07:18   ---------   d-----w   C:\Program Files\Ahead
        2008-02-28 07:13   ---------   d-----w   C:\Program Files\MSBuild
        2008-02-28 07:13   ---------   d-----w   C:\Program Files\Microsoft Works
        2008-02-28 07:12   ---------   d-----w   C:\Program Files\Microsoft.NET
        2008-02-28 07:11   ---------   d-----w   C:\Program Files\Microsoft Visual Studio 8
        2008-02-28 07:07   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\SlySoft
        2008-02-28 07:05   ---------   d-----w   C:\Program Files\SlySoft
        2008-02-28 07:04   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\CyberLink
        2008-02-28 07:02   505,392   ----a-w   C:\WINDOWS\system32\msvcp71.dll
        2008-02-28 07:02   353,840   ----a-w   C:\WINDOWS\system32\msvcr71.dll
        2008-02-28 07:02   ---------   d-----w   C:\Program Files\CyberLink
        2008-02-28 07:02   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\CyberLink
        2008-02-28 07:01   ---------   d-----w   C:\Program Files\Winamp
        2008-02-28 06:59   ---------   d-----w   C:\Program Files\CoverPro
        2008-02-28 06:58   73,216   ----a-w   C:\WINDOWS\ST6UNST.EXE
        2008-02-28 06:58   286,720   ------w   C:\WINDOWS\Setup1.exe
        2008-02-28 06:52   ---------   d-----w   C:\Documents and Settings\Maarit\Application Data\ATI
        2008-02-28 06:41   ---------   d-----w   C:\Program Files\Common Files\InstallShield
        2008-02-28 06:36   ---------   d-----w   C:\Program Files\Marvell
        2008-02-28 06:35   315,392   ----a-w   C:\WINDOWS\HideWin.exe
        2008-02-28 06:35   ---------   d-----w   C:\Program Files\Realtek
        2008-02-28 06:34   ---------   d-----w   C:\Program Files\Intel
        2008-02-28 06:13   ---------   d-----w   C:\Program Files\microsoft frontpage
        2008-01-22 21:38   2,845,696   ----a-w   C:\WINDOWS\system32\drivers\ati2mtag.sys
        2008-01-22 20:44   368,640   ----a-w   C:\WINDOWS\system32\ATIDEMGX.dll
        2008-01-22 20:43   272,384   ----a-w   C:\WINDOWS\system32\ati2dvag.dll
        2008-01-22 20:39   307,200   ----a-w   C:\WINDOWS\system32\atiiiexx.dll
        2008-01-22 20:36   9,949,184   ----a-w   C:\WINDOWS\system32\atioglx2.dll
        2008-01-22 20:35   43,520   ----a-w   C:\WINDOWS\system32\ati2edxx.dll
        2008-01-22 20:35   26,112   ----a-w   C:\WINDOWS\system32\Ati2mdxx.exe
        2008-01-22 20:35   147,456   ----a-w   C:\WINDOWS\system32\atipdlxx.dll
        2008-01-22 20:35   122,880   ----a-w   C:\WINDOWS\system32\Oemdspif.dll
        2008-01-22 20:35   122,880   ----a-w   C:\WINDOWS\system32\ati2evxx.dll
        2008-01-22 20:34   512,000   ----a-w   C:\WINDOWS\system32\ati2evxx.exe
        2008-01-22 20:33   53,248   ----a-w   C:\WINDOWS\system32\ATIDDC.DLL
        2008-01-22 20:25   3,121,920   ----a-w   C:\WINDOWS\system32\ati3duag.dll
        2008-01-22 20:14   1,664,256   ----a-w   C:\WINDOWS\system32\ativvaxx.dll
        2008-01-22 20:04   46,080   ----a-w   C:\WINDOWS\system32\amdpcom32.dll
        2008-01-22 20:01   385,024   ----a-w   C:\WINDOWS\system32\atikvmag.dll
        2008-01-22 19:59   17,408   ----a-w   C:\WINDOWS\system32\atitvo32.dll
        2008-01-22 19:58   49,152   ----a-w   C:\WINDOWS\system32\drivers\ati2erec.dll
        2008-01-22 19:57   163,840   ----a-w   C:\WINDOWS\system32\atiok3x2.dll
        2008-01-22 19:53   503,808   ----a-w   C:\WINDOWS\system32\ati2cqag.dll
        2008-01-20 07:07   33,292   ----a-w   C:\WINDOWS\system32\drivers\scdemu.sys
        .

        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
        2008-03-17 15:00   10240   --a------   C:\Program Files\NetProject\sbmdl.dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
        "{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= "C:\Program Files\NetProject\wamdl.dll" [2008-03-16 01:01 74752]

        [HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
        "{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= C:\Program Files\NetProject\wamdl.dll [2008-03-16 01:01 74752]

        [HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12 15360]
        "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
        "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe]
        "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
        "Alcmtr"="ALCMTR.EXE" [2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe]
        "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
        "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 09:05 217088]
        "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 16:12 15360]

        C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
        Sitecom Wireless Utility.lnk - C:\Program Files\Sitecom\Common\WLANUtil.exe [2008-03-03 17:13:26 679936]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
        "start"= C:\Program Files\NetProject\sbmntr.exe

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
        "{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}"= C:\WINDOWS\system32\jdxah.dll [2008-03-13 17:06 13312]

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
        "E:\\LimeWire\\LimeWire.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "C:\\Program Files\\Sitecom\\Common\\WLANUtil.exe"=
        "E:\\America's Army\\System\\ArmyOps.exe"=
        "E:\\BitComet\\BitComet.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "17352:TCP"= 17352:TCP:BitComet 17352 TCP
        "17352:UDP"= 17352:UDP:BitComet 17352 UDP
        "23002:TCP"= 23002:TCP:BitComet 23002 TCP
        "23002:UDP"= 23002:UDP:BitComet 23002 UDP
        "65535:TCP"= 65535:TCP:BitComet 65535 TCP
        "65535:UDP"= 65535:UDP:BitComet 65535 UDP
        "25054:TCP"= 25054:TCP:BitComet 25054 TCP
        "25054:UDP"= 25054:UDP:BitComet 25054 UDP
        "26941:TCP"= 26941:TCP:BitComet 26941 TCP
        "26941:UDP"= 26941:UDP:BitComet 26941 UDP
        "8116:TCP"= 8116:TCP:BitComet 8116 TCP
        "8116:UDP"= 8116:UDP:BitComet 8116 UDP
        "16695:TCP"= 16695:TCP:BitComet 16695 TCP
        "16695:UDP"= 16695:UDP:BitComet 16695 UDP
        "21915:TCP"= 21915:TCP:BitComet 21915 TCP
        "21915:UDP"= 21915:UDP:BitComet 21915 UDP
        "19569:TCP"= 19569:TCP:BitComet 19569 TCP
        "19569:UDP"= 19569:UDP:BitComet 19569 UDP
        "18330:TCP"= 18330:TCP:BitComet 18330 TCP
        "18330:UDP"= 18330:UDP:BitComet 18330 UDP
        "16413:TCP"= 16413:TCP:BitComet 16413 TCP
        "16413:UDP"= 16413:UDP:BitComet 16413 UDP
        "24682:TCP"= 24682:TCP:BitComet 24682 TCP
        "24682:UDP"= 24682:UDP:BitComet 24682 UDP
        "22552:TCP"= 22552:TCP:BitComet 22552 TCP
        "22552:UDP"= 22552:UDP:BitComet 22552 UDP
        "23893:TCP"= 23893:TCP:BitComet 23893 TCP
        "23893:UDP"= 23893:UDP:BitComet 23893 UDP
        "19507:TCP"= 19507:TCP:BitComet 19507 TCP
        "19507:UDP"= 19507:UDP:BitComet 19507 UDP

        R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-11-03 00:12]
        R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
        R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-04-25 13:47]
        S3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys []
        S3 Memctl;Memctl;C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 14:53]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
        \Shell\AutoRun\command - F:\Startup.exe

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-03-02 12:30:02 C:\WINDOWS\Tasks\McDefragTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
        "2008-03-02 12:30:01 C:\WINDOWS\Tasks\McQcTask.job"
        - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-17 15:07:09
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
        "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
        -> C:\WINDOWS\system32\jdxah.dll
        .
        Completion time: 2008-03-17 15:07:38
        .
        2008-03-12 22:13:46   --- E O F ---


      • joku kuka ei vaan osaa

        [b]SDFix: Version 1.158 [/b]

        Run by Maarit on ma 17.03.2008 at 15:19

        Microsoft Windows XP [versio 5.1.2600]
        Running From: C:\DOCUME~1\Maarit\TYPYT~1\SDFix

        [b]Checking Services [/b]:


        Restoring Windows Registry Values
        Restoring Windows Default Hosts File
        Restoring Default IE HomePage

        Rebooting


        [b]Checking Files [/b]:

        Trojan Files Found:

        C:\Program Files\NetProject\ot.ico - Deleted
        C:\Program Files\NetProject\sbmdl.dll - Deleted
        C:\Program Files\NetProject\sbmntr.exe - Deleted
        C:\Program Files\NetProject\sbsm.exe - Deleted
        C:\Program Files\NetProject\sbun.exe - Deleted
        C:\Program Files\NetProject\scit.exe - Deleted
        C:\Program Files\NetProject\scm.exe - Deleted
        C:\Program Files\NetProject\scu.exe - Deleted
        C:\Program Files\NetProject\ts.ico - Deleted
        C:\Program Files\NetProject\wamdl.dll - Deleted
        C:\Program Files\NetProject\waun.exe - Deleted



        Folder C:\Program Files\NetProject - Removed


        Removing Temp Files

        [b]ADS Check [/b]:



        [b]Final Check [/b]:

        catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-17 15:22:17
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
        "s1"=dword:2df9c43f
        "s2"=dword:110480d0
        "h0"=dword:00000001

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
        "h0"=dword:00000000
        "ujdew"=hex:46,a0,cc,50,c6,ca,c3,30,c1,58,47,c3,f3,9d,61,e8,71,61,63,c9,2d,..
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
        "h0"=dword:00000000
        "ujdew"=hex:46,a0,cc,50,c6,ca,c3,30,c1,58,47,c3,f3,9d,61,e8,71,61,63,c9,2d,..

        scanning hidden registry entries ...

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
        "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

        scanning hidden files ...

        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 0


        [b]Remaining Services [/b]:



        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
        "E:\\LimeWire\\LimeWire.exe"="E:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
        "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
        "C:\\Program Files\\Sitecom\\Common\\WLANUtil.exe"="C:\\Program Files\\Sitecom\\Common\\WLANUtil.exe:*:Enabled:Sitecom Wireless Utility"
        "E:\\America's Army\\System\\ArmyOps.exe"="E:\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
        "E:\\BitComet\\BitComet.exe"="E:\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

        [b]Remaining Files [/b]:


        File Backups: - C:\DOCUME~1\Maarit\TYPYT~1\SDFix\backups\backups.zip

        [b]Files with Hidden Attributes [/b]:

        Thu 28 Feb 2008 0 ..SH. --- "C:\WINDOWS\SAAD6CF9E.tmp"
        Fri 14 Mar 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
        Tue 11 Mar 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
        Tue 11 Mar 2008 211 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT6.tmp"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3cf0038d9844b330cbc012d961537773\BIT7.tmp"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\445ce037cf936bf0308bd0a2bf4516e5\BIT5.tmp"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d7ce22e444dc91400829a7d1a2d39aa2\BIT8.tmp"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ddfab57ae20e024ecd85b4ea1a62ef6f\BIT4.tmp"
        Thu 13 Mar 2008 25,754,696 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fb9e92de4993620137a8fa6cd843e3fd\BITE9.tmp"

        [b]Finished![/b]










        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 1:49:06, on 16.3.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\Program Files\Sitecom\Common\WLANUtil.exe
        E:\BitComet\BitComet.exe
        E:\LimeWire\LimeWire.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\Program Files\NetProject\scit.exe
        C:\Program Files\NetProject\scm.exe
        C:\Program Files\NetProject\sbmntr.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\NetProject\sbsm.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\NetProject\sbsm.exe
        C:\Program Files\McAfee\MSC\mcshell.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
        C:\Program Files\Winamp\winamp.exe
        E:\Hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
        O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
        O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.2.1.2.dll
        O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
        O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\WLANUtil.exe
        O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm
        O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
        O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont rols/en/x86/client/wuweb_site.cab?1204442726923
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca b
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl ient.cab56907.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl ash/swflash.cab
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O22 - SharedTaskScheduler: inoperable - {1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0} - C:\WINDOWS\system32\jdxah.dll
        O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

        --
        End of file - 10129 bytes






        Siinä on nyt ne molemmat :)


      • ----
        joku kuka ei vaan osaa kirjoitti:

        [b]SDFix: Version 1.158 [/b]

        Run by Maarit on ma 17.03.2008 at 15:19

        Microsoft Windows XP [versio 5.1.2600]
        Running From: C:\DOCUME~1\Maarit\TYPYT~1\SDFix

        [b]Checking Services [/b]:


        Restoring Windows Registry Values
        Restoring Windows Default Hosts File
        Restoring Default IE HomePage

        Rebooting


        [b]Checking Files [/b]:

        Trojan Files Found:

        C:\Program Files\NetProject\ot.ico - Deleted
        C:\Program Files\NetProject\sbmdl.dll - Deleted
        C:\Program Files\NetProject\sbmntr.exe - Deleted
        C:\Program Files\NetProject\sbsm.exe - Deleted
        C:\Program Files\NetProject\sbun.exe - Deleted
        C:\Program Files\NetProject\scit.exe - Deleted
        C:\Program Files\NetProject\scm.exe - Deleted
        C:\Program Files\NetProject\scu.exe - Deleted
        C:\Program Files\NetProject\ts.ico - Deleted
        C:\Program Files\NetProject\wamdl.dll - Deleted
        C:\Program Files\NetProject\waun.exe - Deleted



        Folder C:\Program Files\NetProject - Removed


        Removing Temp Files

        [b]ADS Check [/b]:



        [b]Final Check [/b]:

        catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-17 15:22:17
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
        "s1"=dword:2df9c43f
        "s2"=dword:110480d0
        "h0"=dword:00000001

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
        "h0"=dword:00000000
        "ujdew"=hex:46,a0,cc,50,c6,ca,c3,30,c1,58,47,c3,f3,9d,61,e8,71,61,63,c9,2d,..
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
        "h0"=dword:00000000
        "ujdew"=hex:46,a0,cc,50,c6,ca,c3,30,c1,58,47,c3,f3,9d,61,e8,71,61,63,c9,2d,..

        scanning hidden registry entries ...

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
        "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

        scanning hidden files ...

        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 0


        [b]Remaining Services [/b]:



        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
        "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
        "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
        "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
        "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
        "E:\\LimeWire\\LimeWire.exe"="E:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
        "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
        "C:\\Program Files\\Sitecom\\Common\\WLANUtil.exe"="C:\\Program Files\\Sitecom\\Common\\WLANUtil.exe:*:Enabled:Sitecom Wireless Utility"
        "E:\\America's Army\\System\\ArmyOps.exe"="E:\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
        "E:\\BitComet\\BitComet.exe"="E:\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

        [b]Remaining Files [/b]:


        File Backups: - C:\DOCUME~1\Maarit\TYPYT~1\SDFix\backups\backups.zip

        [b]Files with Hidden Attributes [/b]:

        Thu 28 Feb 2008 0 ..SH. --- "C:\WINDOWS\SAAD6CF9E.tmp"
        Fri 14 Mar 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
        Tue 11 Mar 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
        Tue 11 Mar 2008 211 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT6.tmp"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3cf0038d9844b330cbc012d961537773\BIT7.tmp"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\445ce037cf936bf0308bd0a2bf4516e5\BIT5.tmp"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d7ce22e444dc91400829a7d1a2d39aa2\BIT8.tmp"
        Mon 10 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ddfab57ae20e024ecd85b4ea1a62ef6f\BIT4.tmp"
        Thu 13 Mar 2008 25,754,696 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fb9e92de4993620137a8fa6cd843e3fd\BITE9.tmp"

        [b]Finished![/b]










        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 1:49:06, on 16.3.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\Program Files\Sitecom\Common\WLANUtil.exe
        E:\BitComet\BitComet.exe
        E:\LimeWire\LimeWire.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\Program Files\NetProject\scit.exe
        C:\Program Files\NetProject\scm.exe
        C:\Program Files\NetProject\sbmntr.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\NetProject\sbsm.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\NetProject\sbsm.exe
        C:\Program Files\McAfee\MSC\mcshell.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
        C:\Program Files\Winamp\winamp.exe
        E:\Hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
        O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
        O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.2.1.2.dll
        O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
        O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\WLANUtil.exe
        O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm
        O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
        O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.safeiegate.com/redirect.php (file missing)
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont rols/en/x86/client/wuweb_site.cab?1204442726923
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca b
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl ient.cab56907.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl ash/swflash.cab
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O22 - SharedTaskScheduler: inoperable - {1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0} - C:\WINDOWS\system32\jdxah.dll
        O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

        --
        End of file - 10129 bytes






        Siinä on nyt ne molemmat :)

        Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
        Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

        Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
        Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
        Postita tämän tekstitiedoston sisältö viestiketjuusi.

        Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.


      • joku kuka ei vaan osaa
        ---- kirjoitti:

        Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
        Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

        Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
        Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
        Postita tämän tekstitiedoston sisältö viestiketjuusi.

        Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.

        SmitFraudFix v2.305

        Scan done at 15:25:53,46, ti 18.03.2008
        Run from C:\Documents and Settings\Maarit\Työpöytä\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» Process

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Sitecom\Common\WLANUtil.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
        C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
        C:\WINDOWS\system32\cmd.exe
        C:\PROGRA~1\McAfee\MSC\mcsync.exe

        »»»»»»»»»»»»»»»»»»»»»»»» hosts


        »»»»»»»»»»»»»»»»»»»»»»»» C:\


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

        C:\WINDOWS\system32\jdxah.dll FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maarit


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maarit\Application Data


        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Maarit\Suosikit

        C:\DOCUME~1\Maarit\Suosikit\Online Security Test.url FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» Desktop


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="About:Home"
        "SubscribedURL"="About:Home"
        "FriendlyName"="Nykyinen kotisivu"


        »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
        !!!Attention, following keys are not inevitably infected!!!

        IEDFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» VACFix
        !!!Attention, following keys are not inevitably infected!!!

        VACFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
        "{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}"="inoperable"

        [HKEY_CLASSES_ROOT\CLSID\{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}\InProcServer32]
        @="C:\WINDOWS\system32\jdxah.dll"

        [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}\InProcServer32]
        @="C:\WINDOWS\system32\jdxah.dll"



        »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Rustock



        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        Description: Wireless-N Network USB Adapter WL-182 #9 - Paketinajoituksen miniportti
        DNS Server Search Order: 192.168.0.254

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{8EFF8441-7CA1-42D5-A741-DB35CD5E8F19}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{8EFF8441-7CA1-42D5-A741-DB35CD5E8F19}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS2\Services\Tcpip\..\{8EFF8441-7CA1-42D5-A741-DB35CD5E8F19}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254


        »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


        »»»»»»»»»»»»»»»»»»»»»»»» End


      • ------
        joku kuka ei vaan osaa kirjoitti:

        SmitFraudFix v2.305

        Scan done at 15:25:53,46, ti 18.03.2008
        Run from C:\Documents and Settings\Maarit\Työpöytä\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in normal mode

        »»»»»»»»»»»»»»»»»»»»»»»» Process

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Sitecom\Common\WLANUtil.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
        C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
        C:\WINDOWS\system32\cmd.exe
        C:\PROGRA~1\McAfee\MSC\mcsync.exe

        »»»»»»»»»»»»»»»»»»»»»»»» hosts


        »»»»»»»»»»»»»»»»»»»»»»»» C:\


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

        C:\WINDOWS\system32\jdxah.dll FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maarit


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maarit\Application Data


        »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


        »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Maarit\Suosikit

        C:\DOCUME~1\Maarit\Suosikit\Online Security Test.url FOUND !

        »»»»»»»»»»»»»»»»»»»»»»»» Desktop


        »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


        »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


        »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
        "Source"="About:Home"
        "SubscribedURL"="About:Home"
        "FriendlyName"="Nykyinen kotisivu"


        »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
        !!!Attention, following keys are not inevitably infected!!!

        IEDFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» VACFix
        !!!Attention, following keys are not inevitably infected!!!

        VACFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
        "{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}"="inoperable"

        [HKEY_CLASSES_ROOT\CLSID\{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}\InProcServer32]
        @="C:\WINDOWS\system32\jdxah.dll"

        [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}\InProcServer32]
        @="C:\WINDOWS\system32\jdxah.dll"



        »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "AppInit_DLLs"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Rustock



        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        Description: Wireless-N Network USB Adapter WL-182 #9 - Paketinajoituksen miniportti
        DNS Server Search Order: 192.168.0.254

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{8EFF8441-7CA1-42D5-A741-DB35CD5E8F19}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{8EFF8441-7CA1-42D5-A741-DB35CD5E8F19}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS2\Services\Tcpip\..\{8EFF8441-7CA1-42D5-A741-DB35CD5E8F19}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254


        »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


        »»»»»»»»»»»»»»»»»»»»»»»» End

        Printtaa ohjeet ulos.

        Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

        Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
        Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

        Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

        Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

        Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
        Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
        Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.

        Varoitus : Ajamalla optio 2:n EI-tarttuneessa tietokoneessa, poistaa sinun työpöytäsi taustakuvan.


      • joku kuka ei vaan osaa
        ------ kirjoitti:

        Printtaa ohjeet ulos.

        Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

        Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
        Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

        Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

        Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

        Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
        Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
        Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.

        Varoitus : Ajamalla optio 2:n EI-tarttuneessa tietokoneessa, poistaa sinun työpöytäsi taustakuvan.

        SmitFraudFix v2.305

        Scan done at 15:24:58,26, ke 19.03.2008
        Run from C:\Documents and Settings\Maarit\Työpöytä\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in safe mode

        »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
        "{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}"="inoperable"

        [HKEY_CLASSES_ROOT\CLSID\{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}\InProcServer32]
        @="C:\WINDOWS\system32\jdxah.dll"

        [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}\InProcServer32]
        @="C:\WINDOWS\system32\jdxah.dll"


        »»»»»»»»»»»»»»»»»»»»»»»» Killing process


        »»»»»»»»»»»»»»»»»»»»»»»» hosts

        127.0.0.1 localhost

        »»»»»»»»»»»»»»»»»»»»»»»» VACFix

        VACFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

        S!Ri's WS2Fix: LSP not Found.


        »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

        GenericRenosFix by S!Ri

        C:\WINDOWS\system32\jdxah.dll -> Hoax.Win32.Renos.gen.o
        C:\WINDOWS\system32\jdxah.dll -> Deleted


        »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

        C:\DOCUME~1\Maarit\Suosikit\Online Security Test.url Deleted

        »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

        IEDFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{1E9365D9-8C90-4AF8-9527-425BFCCD23AD}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{1E9365D9-8C90-4AF8-9527-425BFCCD23AD}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254


        »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

        Registry Cleaning done.

        »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» End


      • -----
        joku kuka ei vaan osaa kirjoitti:

        SmitFraudFix v2.305

        Scan done at 15:24:58,26, ke 19.03.2008
        Run from C:\Documents and Settings\Maarit\Työpöytä\SmitfraudFix
        OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
        The filesystem type is NTFS
        Fix run in safe mode

        »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
        "{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}"="inoperable"

        [HKEY_CLASSES_ROOT\CLSID\{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}\InProcServer32]
        @="C:\WINDOWS\system32\jdxah.dll"

        [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}\InProcServer32]
        @="C:\WINDOWS\system32\jdxah.dll"


        »»»»»»»»»»»»»»»»»»»»»»»» Killing process


        »»»»»»»»»»»»»»»»»»»»»»»» hosts

        127.0.0.1 localhost

        »»»»»»»»»»»»»»»»»»»»»»»» VACFix

        VACFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

        S!Ri's WS2Fix: LSP not Found.


        »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

        GenericRenosFix by S!Ri

        C:\WINDOWS\system32\jdxah.dll -> Hoax.Win32.Renos.gen.o
        C:\WINDOWS\system32\jdxah.dll -> Deleted


        »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

        C:\DOCUME~1\Maarit\Suosikit\Online Security Test.url Deleted

        »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

        IEDFix
        Credits: Malware Analysis & Diagnostic
        Code: S!Ri


        »»»»»»»»»»»»»»»»»»»»»»»» DNS

        HKLM\SYSTEM\CCS\Services\Tcpip\..\{1E9365D9-8C90-4AF8-9527-425BFCCD23AD}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS1\Services\Tcpip\..\{1E9365D9-8C90-4AF8-9527-425BFCCD23AD}: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
        HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254


        »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


        »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
        !!!Attention, following keys are not inevitably infected!!!

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "System"=""


        »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

        Registry Cleaning done.

        »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
        !!!Attention, following keys are not inevitably infected!!!

        SrchSTS.exe by S!Ri
        Search SharedTaskScheduler's .dll


        »»»»»»»»»»»»»»»»»»»»»»»» End

        Lataa Malwarebytes' Anti-Malware työpöydällesi.
        http://www.besttechie.net/tools/mbam-setup.exe
        •   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
        •   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
        •   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
        •   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
        •   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
        •   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
        •   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
        •   Lähetä lokin sisältö seuraavassa viestissäsi.


      • joku kuka ei vaan osaa
        ----- kirjoitti:

        Lataa Malwarebytes' Anti-Malware työpöydällesi.
        http://www.besttechie.net/tools/mbam-setup.exe
        •   Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
        •   Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
        •   Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
        •   Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
        •   Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
        •   Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
        •   Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
        •   Lähetä lokin sisältö seuraavassa viestissäsi.

        Malwarebytes' Anti-Malware 1.08
        Tietokantaversio: 506

        Tarkistustyyppi: Täysi tarkistus (C:\|E:\|)
        Tarkistetut kohteet: 74225
        Kulunut aika: 17 minute(s), 10 second(s)

        Saastuneita muistiprosesseja: 0
        Saastuneita muistimoduuleja: 0
        Saastuneita rekisteriavaimia: 1
        Saastuneita rekisteriarvoja: 0
        Saastuneita rekisterikohteita: 0
        Saastuneita hakemistoja: 0
        Saastuneita tiedostoja: 1

        Saastuneita muistiprosesseja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita muistimoduuleja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriavaimia:
        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

        Saastuneita rekisteriarvoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisterikohteita:
        (Haitallisia kohteita ei löydetty)

        Saastuneita hakemistoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita tiedostoja:
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP57\A0012305.dll (Trojan.Zlob) -> Quarantined and deleted successfully.


      • ------
        joku kuka ei vaan osaa kirjoitti:

        Malwarebytes' Anti-Malware 1.08
        Tietokantaversio: 506

        Tarkistustyyppi: Täysi tarkistus (C:\|E:\|)
        Tarkistetut kohteet: 74225
        Kulunut aika: 17 minute(s), 10 second(s)

        Saastuneita muistiprosesseja: 0
        Saastuneita muistimoduuleja: 0
        Saastuneita rekisteriavaimia: 1
        Saastuneita rekisteriarvoja: 0
        Saastuneita rekisterikohteita: 0
        Saastuneita hakemistoja: 0
        Saastuneita tiedostoja: 1

        Saastuneita muistiprosesseja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita muistimoduuleja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriavaimia:
        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

        Saastuneita rekisteriarvoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisterikohteita:
        (Haitallisia kohteita ei löydetty)

        Saastuneita hakemistoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita tiedostoja:
        C:\System Volume Information\_restore{264F6104-ED0D-48B7-8CE5-796008BA01D0}\RP57\A0012305.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

        scannaa uusi hjt:n loki


      • joku kuka ei vaan osaa
        ------ kirjoitti:

        scannaa uusi hjt:n loki

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 21:26:00, on 19.3.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Sitecom\Common\WLANUtil.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        E:\Guitar Pro 5\GP5.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        E:\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
        O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
        O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.2.1.2.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\WLANUtil.exe
        O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm
        O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442726923
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

        --
        End of file - 8444 bytes


      • ----
        joku kuka ei vaan osaa kirjoitti:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 21:26:00, on 19.3.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\Program Files\CyberLink\Shared files\RichVideo.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
        C:\Program Files\Windows Live\Messenger\msnmsgr.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Sitecom\Common\WLANUtil.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\Program Files\Windows Live\Messenger\usnsvc.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        E:\Guitar Pro 5\GP5.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        E:\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
        O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
        O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.2.1.2.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\WLANUtil.exe
        O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm
        O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442726923
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

        --
        End of file - 8444 bytes

        Poista lisää poista sovelutuksesta

        SweetIM For Internet Explorer

        Poista vikasiedossa kansio

        C:\Program Files\Macrogaming\==> SweetIMBarForIE


    Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

    Luetuimmat keskustelut

    1. Ensitreffit Jenni laukoo viinilasin ääressä suorat sanat Jyrkin aikeista: "Mä sanoin, että älä"

      Voi ei… Mitä luulet: kestääkö Jennin ja Jyrkin avioliitto vai päättyykö eroon? Lue lisää: https://www.suomi24.fi/viihde
      Ensitreffit alttarilla
      26
      2778
    2. Ymmärrän paremmin kuin koskaan

      Roikut kädessäni ja vedät puoleesi. Näen kuitenkin tämän kaiken lävitse ja kaikkien takia minun on tehtävä tämä. Päästän
      Tunteet
      29
      2312
    3. 148
      2264
    4. Hullu liikenteessä?

      Mikä hullu pyörii kylillä jos jahti päällä? Näitä tosin kyllä riittää tällä kylällä.
      Kiuruvesi
      53
      2190
    5. Niina Lahtinen uudessa elämäntilanteessa - Kotiolot ovat muuttuneet merkittävästi: "Nyt on...!"

      Niina, tanssejasi on riemukasta seurata, iso kiitos! Lue Niinan haastattelu: https://www.suomi24.fi/viihde/niina-lahti
      Suomalaiset julkkikset
      21
      1802
    6. Kun Venäjä on tasannut tilit Ukrainan kanssa, onko Suomi seuraava?

      Mitä mieltä olette, onko Suomi seuraava, jonka kanssa Venäjä tasaa tilit? Ja voisiko sitä mitenkään estää? Esimerkiks
      NATO
      389
      1662
    7. Ano Turtiainen saa syytteet kansankiihoituksesta

      Syytteitä on kolme ja niissä on kyse kirjoituksista, jotka hän on kansanedustaja-aikanaan julkaissut Twitter-tilillään
      Maailman menoa
      98
      1597
    8. Pyhäinpäivän aamua

      Oikein hyvää huomenta ja rauhallista päivää. ❄️😊🥱☕❤️
      Ikävä
      298
      1485
    9. Varokaa! Lunta voi sataa kohta!

      Vakava säävaroitus Lumisadevaroitus Satakunta, Uusimaa, Etelä-Karjala, Keski-Suomi, Etelä-Savo, Etelä-Pohjanmaa, Pohjanm
      Maailman menoa
      13
      1419
    10. Kunta ostaa kivitipun

      Kunnanjohtajan tuleva uusi ostokohde
      Lappajärvi
      133
      1418
    Aihe